CSR: Data Privacy Laws in India
From May 2018, every website you visit started showing you a notice informing you of an update in their privacy policy or asking if you understand that the company is using cookies to collect data about you. These companies were always collecting data while you were surfing but after May 2018, it became mandatory to inform users about this exercise as the European Union passed GDPR (General Data Protection Regulation) which is a new framework for data protection laws. Most of the websites that throw up this notice don’t give you an option to disable it at all but just to accept that you have no issues with them collecting your data and close the irritating pop up.
If you’re not paying for it; you are the product! is a quote which is doing the rounds since the advent of television commercials and it has never been more true than today when the user is being constantly manipulated to get more and more data which can be used later to sell more products to him or her.
The state of data privacy laws in India is a laughing stock for the whole world. We are the 2nd most digitally connected country in the world and yet don’t have a proper laws regulating the data privacy of our citizens.
In July 2018, the justice BN Srikrishna committee submitted a draft of the Personal Data Protection bill, 2018 to the Central government. This bill will form the foundation of India’s data protection laws and serve as a shield to protect our netizens. But the bill has received its share of criticism and flak.
The bill states that every company which collects data of Indian citizens has to ensure that the data is stored on Indian soil. This will ensure that data is localised which will bring in compliance costs for a lot of companies having their data centres abroad. The big guns will have the resources but startups will face a desperate battle to migrate data and re-haul their backend infrastructure. One criticism that the bill has faced is that it focuses on data localisation but does not have data protection as it’s key feature. Data localisation without data protection will not serve any purpose at all.
The government will appoint a committee comprising of one chairperson and six other members appointed by the central government to improve transparency. As this committee is selected by the government itself, it creates an issue of concentration of power in the hands of the politicians as such bodies find it very difficult to operate autonomously.
The bill proposes that all offences be cognizable and non-bailable which will make the companies second guess all their decisions as the authorities are way behind the modern technology and their little understanding of the landscape might lead to companies taking a step back in embracing new ideas due to the fear of being arrested or criminal sections being slapped against them.
As of now, India does not have a proper law to regulate the use of data of its citizens. This bill, with all of its drawbacks, is at least a step in the right direction. India is the largest democracy in the world and it does need to catch up in this “Data Age” in order to protect its citizens.
Thank you for reading the story until the very end. We appreciate the time you have given us. In addition, your thoughts and inputs will genuinely make a difference to us. Please do drop in a line and help us do better.
Regards,
The CSR Journal Team