Analysis
PRIVACY ACT
Illustration: istockphoto.com
Legislate privacy, at least
It’s ironic that even in the age of ‘information’ the laws are ambiguous when attempting to address information privacy By Pavan Duggal
A
fter lot of debate for the last one decade, there appears to be some movement—reports in the media suggest that the Government of India is thinking in terms of coming up with a specific legislation on privacy. Nothing can be better music to ears, more so because privacy as a concept has been a discarded and neglected child of law makers. Ever since we gained independence in 1947, India as a nation has never really paid attention to the extremely important concept of privacy. That is the reason why in the last 63 years of
nationhood we have not seen a single legislation on it. It was left to the Supreme Court of India to go ahead and interpret the fundamental right of life under Article 21 of the Constitution of India to be inclusive of the fundamental right to privacy. However, the limitation is that the said fundamental right to privacy is only enforceable against state action. The advent of the electronic platform, electronic technologies and mobile communication device have brought us to the edge of the information era. In today’s age while everybody is publishing, generating, transmitting and sending data and information in the electronic
form, people have become extremely conscious of the need for protecting data. The Information Technology Act, 2000 was implemented on October 17, 2000. However, even though it is the mother legislation dealing with data and information in the electronic form, ironically, it did not deal with anything relating to aspects pertaining to privacy of data. In fact, it was only after a lot of discussions and debates that some provisions pertaining to privacy were incorporated by way of the Information Technology (Amendment) Act, 2008. However, the said provisions only amount to doing lip service to the concept of privacy. Further, such legislation has only dealt, in a limited manner, with the privacy of the person, in terms of the human body. So much underdeveloped is the law of privacy in our country that the law does not even distinguish between personal privacy and data privacy. Neither exact definition of the personal data is prescribed in the Information Technology Act, 2000 nor any definition of data controller is given. The absence of any data protection legislation in the country further complicates the entire scenario. At the time of writing, the Unique Identification Authority of India has released on its website for public comments the draft National Identification Authority of India Bill, 2010. Aiming to give legal validity to the Aadhar Number, the National Identification Authority of India Bill, 2010 has almost nothing to offer regarding privacy issues. In fact, the word ‘privacy’ has not been mentioned in the said proposed legislation. It is absolutely essential that India has a dedicated legislation on privacy, it being an important component of civil liberties. The legislation should talk about personal and data privacy and also balance the needs of national security in today’s context. Such a measure will help clear the doubts and positively impact the growth of e-Governance and citizens.
the author is India’s leading Cyberlaw expert and Advocate, Supreme Court of India
July 2010 / www.egovonline.net / egov
47