yesterday, I had an opportunity to experience the perspective of Law Students on the DPDPA in the Moot Court Competition held by KLE Law College which discussed the issues of a data breach and how the lawyers could argue the incident in the Court in days to come and how the Judges may react.
I am not fully aware of the problem statement but it was clear that the problem was that there was a website providing medical services belonging to the Government sector where a breach of the personal data of customers was observed through an AI algorithm used by the payment gateway. The arguments centred around the compensation payable to the individuals whose personal data was lost and the liability of the website.
It was good to see many interpretations of the provisions of the Act presented by the students which represented the investment they have made in understanding this new law.
However, many of these interpretations appeared to need correction as otherwise the data protection Jurisprudence may get corrupted in near future.
In particular, it was amusing to see the tendency of the community to use Section 35 exemption from personal prosecution of Government officials as a ground to ask for scrapping of the section like the scrapping of Section 66A of ITA 2000.
We we have repeatedly pointed out that this decision of the Supreme Court arose because of a mis interpretation of the term “Transmission” of electronic information as “Publishing” of electronic information and a desire of the Supreme Court to show its power by scrapping a provision instead of helping in clarification through a “Reading down” of the provision.
Law students should realize that their glory is not in scrapping down a law enacted by the Parliament but to bring clarity to the law. Even the prayer to the Courts in such cases should be in improving the system rather than bringing down the system. Perhaps even the Courts need to appreciate this.
The community appears to be mis-interpreting DPDPA and focussing on being critical of the administrative powers of the DPB rather than focussing on the basic objective of the Act. It was also seen that some students were drawing the objectives of GDPR into interpretation of the act without understanding the applicability. The community appeared to be unable to appreciate that DPDPA is a compliance related law and has to work with ITA 2000 for personal remedy. It was surprising that in the discussions no body remembered the remedy available under Section 46 of ITA 2000 for the victims of a data breach while the power of the court to grant compensation in such cases was remembered from the Bhopal Gas tragedy.
It is interesting to note that during the next week’s IDPS 2024, we will be discussing “Adjudication as a remedy for Data Breach Compensation” in a Key Note as well as the “Grievance redressal mechanism” in the focussed group discussion. Hope the legal community would benefit from these discussions.
We need a “Nachiketa debate” on DPDPA with the Judiciary to ensure that DPDPA or any of its provisions does not get scrapped but the Judiciary assists in improving the interpretation of the Act.
Naavi
