Group of Experts on Privacy Submit Report
With the initiation of national programmes like Unique Identification number, NATGRID, DNA profiling, Reproductive Rights of Women, Privileged communications and brain mapping, most of which will be implemented through ICT platforms, concerns have been expressed in various quarters in the country on the possible invasion of citizen’s fundamental right to privacy Constitutionally guaranteed under Article 21. In order to understand these concerns and identify interventions for effectively addressing these issues, Dr. Ashwani Kumar, MOS (Planning) had directed the constitution of a Group of Experts to identify the Privacy issues and prepare a Report to facilitate authoring of the Privacy bill.
Accordingly, a Group of Experts under the chairmanship of Justice A P Shah, former Chief Justice of the Delhi High Court was constituted on 29th September 2011. The Terms of Reference of the Group were as follows:-
1. To study the Privacy laws and related bills promulgated by various countries.
2. To make an in-depth analysis of various programmes being implemented by GoI from the point of view of their impact on Privacy.
3. To make specific suggestions for consideration of the DOPT for incorporation in the proposed draft Bill on Privacy.
The Group of Experts held meetings between January and August 2012, wherein various issues and aspects relating to privacy were discussed, keeping in view inter alia the international landscape of privacy laws, global data flows and the privacy concerns emanating with rapid technological advancement. The Group studied the constitutional basis for privacy, International Privacy Principles, National Privacy Principles and has also made an analysis of relevant legislations/Bills from a privacy perspective.
The Report has recommended a conceptual framework for the proposed Privacy legislation for India covering the following five salient features:
a) Technological neutrality and inter-operability with international standards.
b) Multi-dimensional privacy
c) Horizontal applicability
d) Conformity with privacy principles
e) Co-regulatory enforcement regime
Some of the major recommendations made in the Report cover aspects such as:
• The regulatory framework will consist of Privacy Commissioners at the Central and Regional levels.
• A system of co-regulation that will give self-regulating organizations at industry level choice to develop privacy standards which should be approved by a Privacy Commissioner.
• Individuals would be given the choice (opt-in/opt-out) with regard to providing their personal information and the data controller would take individual consent only after providing inputs of its information practices.
• The data controller shall only collect personal information from data subjects as is necessary for the purposes identified for such collection as well as process the data relevant to the purpose for which they are collected.
• The data collected would be put to use for the purpose for which it has been collected. Any change in the usage would be done with the consent of the person concerned.
• Data collected and processed would be relevant for the purpose and no additional data elements would be collected from the individual.
• Interception orders must be specific and all interceptions would only be in force for a period of 60 days and renewed for a period upto 180 days. Records of interception must be destroyed by security agencies after 6 months or 9 months and service providers must destroy after 2 months or 6 months.
• Infringement of any provision under the Act would constitute an offence by which individuals may seek compensation for an organization / bodies held accountable to.
NNK/MD