Data Privacy Law : a Pandora’s Box ?
I got that feeling after reading the following :
Include obtaining, transfer, disclosure and sale of personal and sensitive data, if it causes harm to the person whose data it is (data principal), and re-identification and processing of previously de-identified personal data.
[ How a citizen will ever get to know that someone to whom he gave personal data , has caused him harm , through misuse of data ?
How must this aggrieved citizen go about to “ prove “ that a “ harm “ has been caused to him by such misuse ? Would he even remember to whom did he give what personal data – and for what legitimate “ use “ ?
By filing court cases against 200 search engines / mobile apps / e-com sites / govt agencies ? ]
For “ intentional or reckless behaviour ” that leads to the crimes, which it wants to be made cognisable and non-bailable.
In case the crime has been committed by a company or body corporate, including government departments, the responsibility would lie with the person in charge of conducting the company’s business or the head of a government department.
[ If such a “ transfer / sale / disclosure “ of personal data cannot be proved to have caused “ harm “, will that behaviour not be “ intentional or reckless “ ? ]
To be paid to “ data principals “ in case any harm is caused to them for infringement.
[ Who decides what was the “ quantum “ of harm and what is the commensurate “ quantum “ of compensation ? Won’t this differ from one case to another ? ]
The in-charge of all responsibility if he or she shows that the crime was committed without his/her knowledge or that all reasonable efforts had been taken to prevent the crime from being committed.
[ All data flows from one computer to another computer or even to some other
internet-connected device , such as a car / refrigerator / smart watch / TV etc .
Most of the time such transfers are happening round the clock, with no one watching /
no one knowing / no one asking for any permission from anyone !
According to one expert , by 2022 , there will be 50 internet connected devices in each
home ( IoT – Internet of Things ) – each sending out a lot of your personal / private
data, to their respective manufacturers / ISPs / Operating Systems )
Will anyone know what device is sending out which information to whom and when ? ]
Data collected under Aadhaar :
Would be out of the scope and purview of the proposed law.
This recommendation may not find favour with those who have opposed the unique identification system on the ground that the collection and dissemination of Aadhaar data leaves citizens vulnerable.
[ What about Aadhar-linked data collected by government agencies for hundreds of
Direct Benefit Schemes , which it has shared with Banks and Financial Institutions ? ]
All data collectors would have to get registered with the DPA.
[ Each and every business establishment which is selling any product or service , online
( includes all search engines / e-com sites / mobile apps ), will need to register .
Soon that will cover 50 million MSME of India !
Would this cover all FOREIGN data collectors as well over which Indian Laws have no
jurisdiction ? Is this , at all practical / feasible ? ]
Data Ombudsman :
To adjudicate complaints between “ data principals “ and “ data fiduciaries “
Appeals against orders of the data ombudsman will be made to an appellate tribunal.
The Supreme Court will hear appeals against orders of this appellate tribunal.
[ How many years will it take for the complaint to travel from Ombudsman to
Appellate tribunal to Supreme Court ?
My guess : 15 years ]
Could we have anticipated these “ questions “ while drafting the Law ?
And found some practical “ answers “ to those questions before opening up the Pandora’s Box ?
Possibly , if the policy makers :
and the members of SriKrishna Committee :
had carefully read my following emails – especially my oft-repeated suggestion to induct some IT technocrats (eg: Nandan Nilekani / email@example.com ) in the Committee
There is a possibility that the Hon Judges of the Supreme Court found time to read my emails – in which case , they might ask these questions to the Government advocate , when the first case reaches its doors !
( 1 ) Privacy ? What is that ? [ 04 May 2017 ]
( 2 ) Delusion of Privacy ? [ 10 June 2017 ]
( 3 ) 2024 ! – V 2.0 of Orwellian 1984 ? [ 07 July 2017 ]
( 4 ) Privacy ? Perish the Thought ! [ 18 July 2017 ]
( 5 ) #RighttoPrivacy ! Thank You Your Honours ! [ 19 July 2017 ]
( 6 ) Privacy does not live here ! [ 22 July 2017 ]
( 7 ) Future is Nearer ! [ 31 July 2017 ]
( 8 ) Three got it Right ! [ 02 Aug 2017 ]
( 9 ) My Birth-Right : Trying to Influence [ 04 Aug 2017 ]
Aug 2017 ]
( 11 ) Right to Sell My Soul ? [ 27 Aug 2017 ]
( 12 ) A Fool’s Paradise ? [ 29 Aug 2017 ]
( 13 ) Aadhar – for HR ? [ 02 Sept 2017 ]
( 14 ) Wherefore Art Thou, O Romeo ? [ 20 Sept 2017 ]
( 15 ) Data Privacy : We are getting overtaken ! [ 26 Sept 2017 ]
( 16 ) 7 Pillars of Data Protection Law [ 27 Nov 2017 ]
( 17 ) Just Ask Google ! [ 28 Nov 2017 ]
( 18 ) Here is the Proof [ 30 Nov 2017 ]
( 19 ) Data Protection without Data Privacy ? [ 08 Jan 2018 ]
( 20 ) PRIVACY : A Lost Battle [ 15 Jan 2018 ]
( 21 ) Aadhar : Supremely Satisfying ? [ 19 Jan 2018 ]
( 22 ) Aadhar Fact : Privacy Fiction ? [ 19 Jan 2018 ]
( 23 ) Aadhar : Dawn of Realism ? [ 23 Jan 2018 ]
( 24 ) Oh ! for some learned arguments ! [ 25 Jan 2018 ]
( 25 ) Aadhar : Supreme Asks : What if ? [ 30 Jan 2018 ]
( 26 ) A Hostile Advocate ? [ 07 Feb 2018 ]
( 27 ) Big Brother is watching us ! And how ! [ 09 Feb 2018 ]
( 28 ) Nightmare ? #Aadhar #Privacy #DataProtection [ 04 March 2018 ]
( 29 ) A Drop in the Ocean ? [ 20 March 2018 ]
( 30 ) Trade Off : Privacy vs LiveEasy ? [ 25 March 2018 ]
( 31 ) From Tele-phony to Tele-Empathy ? [ 27 March 2018 ]
( 32 ) Facebook Replies [ 29 March 2018 ]
( 33 ) How Do You Control Wind ? [ 11 April 2018 ]
( 34 ) Dear Hon CJI , Shri Dipak Misraji [ 13 April 2018 ]
( 35 ) Parekh’s Law of #Privacy ? [ 15 April 2018 ]
( 36 ) Facebook : The Formidable [ 27 April 2018 ]
( 37 ) Everything You Do ? [ 03 May 2018 ]
( 38 ) Making best of a bad bargain ? [ 09 June 2018 ]
( 39 ) Enforcing is difficult ? [ 13 June 2018 ]
( 40 ) This is just the Beginning ! [ 09 July 2018 ]
( 41 ) Social Media Hub ? Where is the need ? [ 13 July 2018 ]
16 July 2018
www.hemenparekh.in / blogs