Ahead of Data Protection Law Roll Out, Experts Caution That It Shouldn't Limit Collection and Use of Data

With India planning to roll out a new data protection regime following the landmark Supreme Court judgment upholding right to privacy as fundamental right, experts have cautioned that the new law should not limit collection and use of data.

"The new data protection law should have data-driven innovation at its core," said Kamlesh Bajaj, Founder-CEO, Data Security Council of India (DSCI).

"It should not limit data collection and use, but limit harm to citizens," Bajaj added at a seminar on "Data Protection and Privacy" organised by non-profit industry body Internet and Mobile Association of India (IAMAI). In a major boost to individual freedom, the Supreme Court in August declared that right to privacy was a fundamental right and protected as an intrinsic part of life and personal liberty and freedoms guaranteed by the Constitution. "The Supreme Court judgment calls for production of a new law," said Sunil Abraham, Executive Director of Bangaluru-based research organisation, Centre for Internet and Society (CIS). The experts noted that the Supreme Court judgment remains meaningless for digital Indians without a proper data protection law in place as all other existing laws, such as the Information Technology Act, 2000, do not adequately address the question of right to privacy. Recognising the importance of data protection and keeping personal data of citizens secure and protected, the Ministry of Electronics and Information Technology (MeitY) on 31 July, constituted a Committee of Experts under the chairmanship of its former judge Justice BN Srikrishna to study and identify key data protection issues and recommend methods for addressing them. The committee will also suggest a draft Data Protection Bill. "While the regulator should be given tools to make companies behave better, it should not start with harsh punitive actions," Abraham noted, adding that big fines could challenge the very logic of regulation. In a question to whether a robust data protection regime should come in conflict with issues such as national security, he said that lawmakers should find a way to maximise both imperatives. "Surveillance is like salt in cooking. It is necessary, but in limited quantity," he added. Participating in a chat with Google's Public Policy Director Chetan Krishnaswamy at the event, MP Rajeev Chandrasekhar, however, said that regulation should start with the process of data collection itself and consumers cannot be expected to demonstrate harm or inappropriate use of their data to enjoy the right to privacy. "It should not be a free run for companies to mine consumer data," the independent Rajya Sabha member said. He emphasised that the process of formulating a data protection law is as important as the law itself and all stakeholders should be able to openly put forward their views and apprehensions and it is only with such a consultative process that the opportunities for the technology space can be safeguarded.