India has been struggling to introduce a Data Protection Law for a long time. It was initially at the instance of the IT industry that the earlier Government framed a draft law in 2006. Subsequently Privacy activists created a furore when Aadhaar was sought to be used widely by the Government resulting in the Supreme Court nudge and the Srikrishna committee followed by PDPB 2018, PDPB 2019 and now DPB 2021.
However at each stage there have been so many oppositions that the Bill is still not passed. Even as late as last week, industry bodies have asked for scrapping of the Bill in its current form and start a new drafting exercise, knowing fully well that this exercise will delay the introduction of data protection by another few years and would be a set back in every sense.
This time it appears that the Social Media Intermediaries who are in the forefront of the move to scuttle the Bill. Even Start Up industry has been made a party to this set of objections.
The media is a commercial organisation and they will convey only the views of any vested interest, amplifying the objections.
Some of the modifications that have been projected in the media are
-
- The Government should have no powers to seek exemption from any provisions of the Act even if permitted under the Indian Constitution.
- Law Enforcement should not have any power of surveillance even if Crimes in Data Space are a threat to our very existence as a society.
- Social Media intermediaries should not be challenged on fake news distribution
- Industry should have exemptions for ever to comply with the basic principles of compliance
- The fines and penalties should be waived.
- Cost of Compliance should be reduced
- Financial Information should not be considered as “Sensitive”
- Data should be freely transferable abroad even though other countries like EU are opting for more and more restrictions.
- Indian Government should give up its sovereignty on Data generated in India and allow the tech giants to monetize Indian data resources
It is unfortunate that as in other fields the industry institutions which are expected to protect the interests of the country are abdicating their national responsibilities and have been only interested in projecting the commercial interests of companies most of whom are today international companies.
Even home grown companies are dependent on the patronage of International companies and hence take a stand “Business First, Nation Next”.
There is nothing like a “Perfect Law” and seeking a perfect law particularly in the domain of Privacy which has inherent conflicts with other Rights, is only an excuse not to pass the law. I hope people in high places accept this reality and not think that the public are gullible enough to believe such excuses.
Every corporate law in the country has a cost burden and this cannot prevent the law to be passed. Income Tax Law or Company Law have imposed enormous cost on the industry. Does it mean that the industry should oppose them because of “Cost of Compliance”? If not, why this opposition only for “Data Protection law”?
Can the nation exist if we ignore the need of law enforcement and Governance in enforcing the Privacy law? Can speculation on what all can go wrong prevent action of the Government. Every law has a potential to be misused if we have dishonest administrators and dishonest administrators will continue to exist as long as there is greed in the society.
We only have to keep strengthening the law as well as the checks and balances to ensure that law is not mis-applied. The Courts are there to ensure justice if the administrators fail.
We therefore urge all those who have opposed the current draft of DPA 2021 to set aside their differences for some time and let the law come into existence. Let us give it at least one year of existence after which we can pass any amendments that may be necessary.
I therefore appeal to industry bodies such as NASSCOM, ASSOCHAM, FICCI, CII, etc to stop complaining about the new draft of DPA 2021 and start co operating with the Government in getting the law passed.
Alternatively the industry can be honest to say that the industry does not want the Data protection law to be passed in India and they can file a petition in the Supreme Court to stop the Government from passing such law.
If the business entities who gladly adopt a EU law such as GDPR but have objections only for the Indian law because they want freedom to plunder the Indian resources, it is natural for the Government also to feel why it should tie its own hands with the law which also imposes restrictions on the Government. Government therefore will not be keen to pass the law unless the industry is ready.
The genuine Privacy Activists also should appreciate that many of the NGOs are funded by the same vested interests who donot want the law to be passed and hence will be happy to raise objections for every version of the Bill. They also should realize that if there is a law in place, it is easy to make amendments. If we push the law further by another 2 years then the current state of “No Data Protection Law” will continue. If this is their intention, they also should be honest to admit that they survive on the prolonging of this uncertainty.
I appeal to the Genuine Privacy Activists to join hands with Naavi.org/FDPPI so that we can try to get a workable Data Protection law in place first and worry about refinements later.
Let us therefore start a “Welcome Data Protection Law in India” campaign under a “Data Protection Law Forum” which will be co-ordinated by FDPPI, the Foundation of Data Protection Professionals in India and Naavi.org.
(Comments are welcome)
Naavi