The need to have a privacy law in India has arises as Indian government has launched many e-surveillance and national security related projects without proper privacy and civil liberties safeguards. Projects like Aadhar, National Intelligence Grid (Natgrid), Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), etc. None of them are governed by any Legal Framework and none of them are under Parliamentary Scrutiny.
Now law ministry is trying to give some minimum privacy safeguards from these projects. The right to privacy bill 2011 of India would provide for such a right to citizens of India and to regulate collection, maintenance, use and dissemination of their personal information. The Bill also contains penal provisions for violation of privacy rights.
The Bill says, “every individual shall have a right to his privacy — confidentiality of communication made to, or, by him — including his personal correspondence, telephone conversations, telegraph messages, postal, electronic mail and other modes of communication; confidentiality of his private or his family life; protection of his honour and good name; protection from search, detention or exposure of lawful communication between and among individuals; privacy from surveillance; confidentiality of his banking and financial transactions, medical and legal information and protection of data relating to individual.”
The bill gives protection from a citizen’s identity theft, including criminal identity theft (posing as another person when apprehended for a crime), financial identify theft (using another’s identity to obtain credit, goods and services), etc.
The bill prohibits interception of communications except in certain cases with approval of Secretary-level officer. It mandates destruction of interception of the material within two months of discontinuance of interception.
The bill provides for constitution of a Central Communication Interception Review Committee to examine and review the interception orders passed and is empowered to render a finding that such interception contravened Section 5 of the Indian Telegraphs Act and that the intercepted material should be destroyed forthwith. It also prohibits surveillance either by following a person or closed circuit television or other electronic or by any other mode, except in certain cases as per the specified procedure.
As per the bill, no person who has a place of business in India but has data using equipment located in India, shall collect or processor use or disclose any data relating to individual to any person without consent of such individual.
The bill mandates the establishment of a Data Protection Authority of India, whose function is to monitor development in data processing and computer technology; to examine law and to evaluate its effect on data protection and to give recommendations and to receive representations from members of the public on any matter generally affecting data protection.
The Authority can investigate any data security breach and issue orders to safeguard the security interests of affected individuals in the personal data that has or is likely to have been compromised by such breach.
The bill makes contravention of the provisions on interception an offence punishable with imprisonment for a term that may extend up to five years or with fine, which may extend to Rs. 1 lakh or with both for each such interception. Similarly, disclosure of such information is a punishable offence with imprisonment up to three years and a fine of up to Rs. 50,000, or both.
Further, it says any persons who obtain any record of information concerning an individual from any officer of the government or agency under false pretext shall be punishable with a fine of up to Rs. 5 lakh.
For some strange reasons, the law ministry has not made the Bill public. By making the Bill public useful public inputs could have been obtained. Without analysing the copy of the Bill, we cannot comment upon the legality and constitutionality of the same. All we can say at this point of time is that the proposed Bill must protect human rights in cyberspace to be valid and constitutional and it must respect the privacy rights of Indian in the information age.