Defining Privacy & Data Privacy in the Indian PDPB 2019 (Part 1)

  • Home
  • Defining Privacy & Data Privacy in the Indian PDPB 2019 (Part 1)
Shape Image One
Defining Privacy & Data Privacy in the Indian PDPB 2019 (Part 1)

Many of the readers may be wondering about this sudden noise both in mainstream and social media over Privacy. Many of these are confusing and some are pure myths. With almost all Business in total or partial lockdown, and many of us working from home or remote locations, the issue of Privacy has once again come to the fore.

Through these series, we plan to Demystify the concept of Privacy, connect Privacy to Personal Data Privacy and ultimately to Indian Personal Data Protection Bill 2019. Experts have high expectation that this Bill is will be passed in the next session of Parliament in August 2020, depending on how the lockdown situation emerges.

So Why Do We Care So Much About Privacy?

Before we attempt to answer the above, lets delve on the meaning and concept of privacy.

Yes it true, Privacy as a concept has been present in the society for thousands of years, but has never been defined formally. Historians have cited numerous examples of Privacy being used in activities such as accounting, commercial transactions and even building construction.

So what exactly is Privacy?

Privacy is a fundamental human right that underpins freedom of association, thought and expression, as well as freedom from discrimination. But it’s hard to define. Different countries offer different views, as do individuals. Privacy depends from person to person and differs depending on the situation.

Broadly speaking, privacy is the right to be let alone, or freedom from interference or intrusion.

Privacy is considered to be a qualified, fundamental human right. The right to privacy is articulated in all of the major international and regional human rights instruments.

On the other hand, Information privacy is the right to have some control over how your personal information is collected and used. It’s also about promoting the protection of information that says who we are, what we do and what we believe.

Experts concur that, privacy includes the right:

  • to be free from all levels of interference and intrusion
  • to be associated freely with whom you want
  • to be able to control who can see or use information about you

And there are different ways to look at privacy, such as:

  • surveillance (where your identity is not known prior & mostly not recorded)
  • physical privacy (body pat down, tests for medical purpose)
  • information privacy (how your personal information is handled)

Over 130 countries have constitutional statements regarding the protection of privacy, in every region of the world. However, it is all too common that surveillance is implemented without regard to these protections.

One of the prime reason all of us been receiving a steady stream of privacy-policy updates from almost all Social Media Platforms, is that the European Union just few years back, enacted the General Data Protection Regulation(GDPR), which gives users greater control over the information that online companies collect about them. Many leading Social platforms have been penalised for non-compliance. India has also presented a Bill, referred to as the Personal Data Protection Bill PDPB 2019, and is expected to be passed by Parliament soon.

When we Accept the app usage policies, not many of us take out the time to scroll through the new changes and adjust our data settings. We sign up to get the service, but we don’t give much thought to who might be storing our likes/dislikes or what they’re doing with our personal information. At first, one feels elated to know that when our devices seem to “know” where we live or how old we are or what books we like or which brand of shirt we use. Then we grow to expect this familiarity, and even to like it. It makes the online world seem customized for us, and it cuts down on the time we need to order the right accessory with your shirt or order something new to read.

In other words, Social media companies can now uniquely identify individuals amidst mass data sets and streams, and equally make decisions about people based on this massive database. It is now possible for companies and governments to monitor every conversation we conduct, each commercial transaction we undertake, and every location we visit. These capabilities may lead to negative effects on individuals, groups and even society as it may exclude or include and discriminate individuals based on their social profile.

But, as it has become apparent in the past year, we don’t really know who is seeing our data or how they’re using it, and more worryingly this is also true for even the people whose business it is, to know. We are reminded of the consulting firm Cambridge Analytica, which had harvested the personal information of more than fifty million Facebook users and offered it to clients, all within the grey area of consumer benefits.

So this hullabaloo over Privacy is genuine! With the mind blowing technological innovation in this ever increasing VUCA world of Data usage, information privacy is becoming more complex by the second, as humungous amount of data is being collected and exchanged. And that leaves organizations facing an incredibly complex task of ensuring that personal information has been protected.

As a result, privacy has fast-emerged as perhaps the most significant consumer protection issue in the global information economy.

Additionally, the Indian Supreme Court, in one of the (various) cases over the years, has commented on Privacy as follows:

“for the purpose (of this case), it is sufficient to go by the understanding that the right to privacy consists of three facets i.e. repose, sanctuary and intimate decision. Each of these facets is so essential for the liberty of human beings”.

“Repose” refers to freedom from unwarranted stimuli, “sanctuary to protection against intrusive observation, and “intimate decisions” to autonomy with respect to the most personal life choices.

Indian courts have also ruled that “Privacy, in its simplest sense, allows each human being to be left alone in a core which is inviolable.”

Multiple SC judgements have ruled that Right to Privacy is implicit in the Right to Life and Right to Liberty under section 21 of the Indian Constitution.

Since Privacy is for all practical purpose considered a fundamental right of the Indian Citizen, it means that the Government cannot infringe on the privacy of a citizen except under the “Reasonable Restrictions” clause which has to be embedded into a statutory law providing a “Due Process”.

Hence when it comes to “Surveillance” the Government has to ensure that there is a law that provides it has the power to do surveillance and also provide a reasonable process through which such power can be exercised. This would include defining who has the authority, when and how it can be exercised, what are the limitations to the power, under what all circumstances these can be revoked and what documentation and reporting would be required etc.

So is Privacy same as Security?

Data privacy is focused on the use and governance of personal data—things like putting policies in place to ensure that consumers’ personal information is being collected, processed, stored and erased in appropriate ways. A novel concept of obtaining consent has been introduced to ensure the interest of the individual is paramount.

Security focuses more on protecting data from malicious attacks and the exploitation of stolen data for profit. While security is necessary for protecting data, it’s not sufficient for addressing privacy.

Also, although the Concept of Privacy is closely related to concepts such as “Secrecy”, “Confidentiality” and “Anonymity”, but “Privacy”, as such, has a distinct character.

For understanding the Indian PDPB2019, it is essential that we have a clear and unambiguous understanding of these terms and what they mean to a Data Protection Professional. These will be taken up in the upcoming series.

We at Redwood Learning conduct our Online Learning Module on the Indian PDPB 2019

For more details visit www.redwoodlearning.in

By Sameer Mathur

-Founder & CEO, SM Consulting

-Founder & CEO, Redwood Learning

Leave a Reply

Your email address will not be published. Required fields are marked *