Panel suggests law to protect individual privacy
A government-appointed expert panel Thursday called for a law to protect individual privacy against misuse of information collected by various agencies, public and private, and through various methods like telephone tapping.
Published in Newstrack India on October 18, 2012.
Concerns have been voiced by various quarters in the country on the possible invasion of citizen's privacy guaranteed under Article 21 of the Constitution through national programmes like Unique Identification number, reproductive rights of women, DNA profiling and brain mapping which will be implemented through the information, communication and technology (ICT) platforms.
Minister of State for Planning Ashwani Kumar last year had constituted the experts group to identify the privacy issues and prepare a report to facilitate authoring of the privacy bill.
The group, headed by former Delhi High Court Chief Justice A.P. Shah, recommended setting up of a regulatory framework comprising Privacy Commissioners at the centre and regional levels to deal with privacy issues and mandatory destruction of telephone conversation after a specified period.
As regards the specific issue of phone tapping, it said "interception orders must be specific and all interceptions would only be in force for a period of 60 days and renewed for a period up to 180 days".
It suggested that the records of the conservation should be destroyed by security agencies and telephone service providers within stipulated time frame.
"Records of interception must be destroyed by security agencies after six months or nine months and service providers must destroy after two or six months," it said.
Acccording to an official release, the following are some of the major recommendations made in the panel's report:
- The regulatory framework will consist of Privacy Commissioners at the Central and Regional levels.
- A system of co-regulation that will give self-regulating organizations at industry level choice to develop privacy standards which should be approved by a Privacy Commissioner.
- Individuals would be given the choice (opt-in/opt-out) with regard to providing their personal information and the data controller would take individual consent only after providing inputs of its information practices.
- The data controller shall only collect personal information from data subjects as is necessary for the purposes identified for such collection as well as process the data relevant to the purpose for which they are collected.
- The data collected would be put to use for the purpose for which it has been collected. Any change in the usage would be done with the consent of the person concerned.
- Data collected and processed would be relevant for the purpose and no additional data elements would be collected from the individual.
- Interception orders must be specific and all interceptions would only be in force for a period of 60 days and renewed for a period up to 180 days. Records of interception must be destroyed by security agencies after 6 months or 9 months and service providers must destroy after 2 months or 6 months.
- Infringement of any provision under the Act would constitute an offence by which individuals may seek compensation for an organization/bodies held accountable to.
Note: CIS was part of the expert committee even though not explicitly mentioned.