http://news.rediff.com/report/2010/oct/27/exclusive-now-a-law-to-defend-citizens-privacy.htm
The government has woken up belatedly to provide legal protection to
its citizens' privacy, circulating an approach paper on need to
guarantee it without compromising the country's balance of interests
and concern.
Most Western countries have strict privacy laws that India lacked so
far because the public dissemination of personal information has over
time become a way of demonstrating 'the transparent functioning of the
government.'
How soon the law will be enacted for the purpose is, however, not
certain as it is all still at the conceptual level. The draft approach
paper was circulated on Monday and a short time of one week is given
for the public views by October 25; that itself may trigger an outcry
to allow more time.
The approach paper says the privacy for the purpose should be defined
as the expectation that confidential personal information disclosed by
any individual to government or non-government entity should not be
disclosed to third parties without his consent and sufficient
safeguards be adopted in processing and storing such information.
"In essence, disclosure of data which can be used to identify a
physical person without following the due process could be construed
as breach of privacy," says the document while pointing out that the
country does not have any protection statute.
Though the judiciary has derived "right to privacy" from the rights
available under Article 19(1)(a) that defines fundamental right to
freedom of speech and expression and Article 21 that gives the right
to life and personal liberty, all cases were decided in the context of
government action resulting in denial of right of privacy to private
citizens.
No privacy judgment has so far granted citizens a right of action
against the breach of privacy by another citizen and as such the
personal privacy jurisprudence in the country is not yet fully
developed, says the approach paper.
It says the legislation to ensure privacy should really be in the form
of framework rather than detailed prescriptions, making it applicable
equally to private as well as public entities to protect citizens and
individuals against the misuse of their personal data by anybody.
Such a law will ensure protection to all forms of personal data,
imposing a greater responsibility on those processing and collecting
the information "whose disclosure can result in significant financial,
reputational or other associated loss to the person concerned."
The legislation is recommended to be limited to personal information
relating to real persons on the ground that there are other
legislations that deal with information in the context of legal
persons such as corporations.
Besides, there is a greater risk of personal injury in the context of
real persons as opposed to legal persons.
The document recommends creation of an appropriate list of items that
would constitute sensitive information and goes on to list out what
they can be. These are:
racial or ethnic origin or castes;
political affiliations or opinions;
religious affiliations and beliefs or other beliefs of a similar nature;
membership of a trade union;
physical or mental health or condition;
sexual life;
criminal record;
genetic information about an individual that is not otherwise health
information;
information or an opinion about an individual;
financial or proprietary confidential corporate data;
data on a person's personality;
private family relations;
biometric data;
social welfare needs of a person or the benefits, support or other
social welfare assistance received by the person; and
data collected on a person during the process of taxation (except data
concerning tax arrears).
The approach paper also takes note of the biometric data collected by
the government under its Unique Identity project called 'Aadhar' which
can be misused causing immense harm to the individuals as it says it
should be also defined as personal sensitive data.
It also stressed that the personal data be collected only after
written consent and the individuals should have the right to correct
any wrong data about them and the data controller must be made
responsible for faults of the data processor to fulfil the data
protection obligations.
Also the data should be stored only till the time the purpose for
which it is collected is achieved.
The document discusses the possible conflict of the privacy law with
various other laws like the Right to Information Act and says the act
itself directly or indirectly lays down that private information
relating to an individual is to be prevented from authorised
disclosure.
It also stressed that the legislation must provide for exceptions like
in the interests of national security as on many occasions the
government may need to gain access.
What about the credit verification done by banks and financial
institutions to access personal information about the prospective
borrowers? The document says there will be no bar on collection of
data but provide a regulation regime on how it is processed for only
verifying the credit worthiness of a person.
As regards the possibility of the proposed law infringing upon freedom
to trade of the detective agencies, the approach paper refers to the
European laws dealing with the use of surveillance for security and
private investigation purposes and suggests that the private detective
agencies must be regulated as they can potentially wreak considerable
havoc on the personal information of a citizen if allowed to operate
without regulations.
A Correspondent in New Delhi
--
Urvashi Sharma
RTI Helpmail( Web Based )
aishwaryaj2010@gmail.com
Mobile Rti Helpline
8081898081 ( 8 A.M. to 10 P.M. )
No comments:
Post a Comment