Informational Privacy in India: An Emerging Discourse
Centre for Policy Research supported by Omidyar Network organized this event in New Delhi on November 29, 2018. Amber Sinha was a speaker on the first panel on privacy and its tradeoffs.
Concept Note
The last few years have seen a formalisation of the right to informational privacy within India’s constitutional framework. While the context to this – the challenge to the validity of the Aadhaar project – has entailed broader issues on delivery of public goods and services, the response to whether an individual can assert control over key informational aspects of her life has become a critical part of our rights jurisprudence.
The Supreme Court verdict in Justice Puttaswamy’s case (2017) unequivocally affirmed this right despite leaving open several important aspects including the permissibility of restrictions on this right, and the level of scrutiny which the judiciary could exercise to safeguard them. What was particularly striking was the judicial reliance on considerable scholarship emerging from India and Indian scholars on important themes pertaining to this right: the differing conceptions of privacy and the role for each of them within India’s constitutional framework; the impact of privacy erosion on citizen-State relationship and private transactions in the commercial realm; surveillance tools and technologies in India; the need for an indigenous data protection law, and much more. The court has picked up on this thread in the second Puttaswamy verdict upholding the constitutional validity of Aadhaar with some important caveats and exceptions.
Recently, the Expert Committee headed by retired Justice Srikrishna also convened to come out with a draft personal data protection bill. The centrality of data to both commercial activity and governance purposes has found recognition in this bill. While the present legal regime to regulate data in India can be considered chequered at best with divergent regulations across finance, healthcare, telecom, mobility etc., the new bill aims to create a “big data-ready” framework. It impacts any private enterprise handling personal data by stipulating new internal procedures and strong penalties. The major themes in the bill are new user rights for data principals (individuals) who share their data with data fiduciaries (technology companies); data localisation and crossborder data flows; data protection authority (DPA) and its powers; data fiduciaries and new compliance requirements; and exceptions including law enforcement. Each of these carries major implications for data-driven solutions.
During the deliberations of the Committee too, substantial Indian scholarship on the themes listed above have been referenced and relied upon. This is truly a breakout moment for privacy and data protection in India. It is changing the terrain of institutional responses to personal data, technology architectures, and digital trade.
Discussion Objectives and Format
With the above background, the Centre for Policy Research conducted a closed-door, invite only discussion on November 29, 2018 on the theme Informational Privacy in India: An Emerging Discourse. This discussion sought to engage with representatives from embassies, chambers of commerce and research funding organisations located in India. It took place from 10.00 to 13.00 hours at the Taj Vivanta Ambassador, Sujan Singh Park off Subramaniam Bharti Marg, New Delhi 110003.
The core objectives driving this workshop were to:
- Highlight informational privacy debates in India;
- Locate informational privacy within India’s constitutional setting, closely re-examining the Supreme Court verdicts in this regard;
- Explore themes such as the notice-and-consent framework, regulatory interventions and structural changes, and other key themes on privacy and data protection in India;
- Demystify concepts introduced to strengthen personal data protection, including actor and data categories, and new user rights, and their potential impact on technology design;
- Highlight the ramifications of data localization and cross-border data transfer restrictions, on digital trade and e-commerce;
- Decode the new structural mechanisms proposed to mitigate risks in collection, storage, and processing of personal data;
- Identify the impact of these mechanisms on the functioning of data-driven businesses and the future of data innovation in India.