Ban of mobile applications on the ground of data protection raises a grave question - Does our country have stronger laws related to data protection? In this era, data is so important that a country can wage war against another for same; the war so waged is called Cyberwarfare. But does our country have data protection laws that are strong enough to protect our country's data from being misused or transmitted to any other country?The current Information Technology Act, 2000, already needs major amendments due to the ever-developing sector, and to protect the personal data of the citizens of this country, there is an exigent need for a legislation protecting the same. The Personal Data Protection Bill was introduced in 2018 but in 2019 it was re-introduced with changes as Personal Data Protection Bill, 2019.
PRESENT LAWS
Presently India has a bunch of laws and regulations but there is no specific regulation that deals with the protection of data laws in India. India has the Information Technology Act, 2000, and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 under which sections 43A and 72A of the Act are related to data protection. Section 43A talks about compensation on the failure to protect data while section 72A deals with punishment for disclosure of information in breach of lawful content. Under Section 72A imprisonment is for a term which may extend to three years or with fine which may extend to Rupees Five Lakh or both. The Information Technology Rules, 2011 protect the personal information and sensitive personal information for which a corporate body needs to obtain consent before disclosing information. But there is no law or regulation which covers data protection in India and in the present postpandemic situation, differences with other countries have arisen making it imperative for India to have data protection.
PERSONAL DATA PROTECTION BILL, 2019
The Personal Data Protection Bill, 2019, in which major changes were made from the Personal Data Protection Bill, 2018, aims to protect its citizens' personal and sensitive information making it an obligation on the data fiduciary or data processor from the misusing data. This bill applies to companies processing personal data which are government companies incorporated in India and foreign companies dealing with personal data of individuals in India and these are called as Data Fiduciaries. As per Section 3(13) of 2019 bill, data fiduciary means any person, including the state, a company, any juristic entity or any individual who alone or in conjunction with others, determines the purpose and means of processing data. As per the bill, this fiduciary has the obligation that the data will be processed fairly and reasonably and will ensure the privacy of the individual1 whose personal information is being processed also known as the data principal. A data fiduciary needs to give data principal notice of data collected or processed2 , the data fiduciary cannot retain any personal data beyond the period necessary. It can retain data for longer time only if the condition has been taken from the data principal. It is the obligation of the data fiduciary to take necessary consent from the data principal at the commencement of its processing3 .
As per sections 12, 13, and 14 of the 2019 bill, the data can be processed without the consent also but only in a limited manner as per provision of the bill. The data fiduciary is also obligated for implementation of security to safeguard the data and instituting grievance redressal. The bill also discusses rights of data principal like obtaining confirmation on data that has been processed, the data principal will have the right to access the information in one place, can seek correction, can transfer personal data to any other fiduciary and can also restrict continuing disclosure of data by the fiduciary4 . The bill assures transparency as well as the accountability of the data fiduciary.
The bill has provisions of transparency and accountability whereby data fiduciary is obligated to maintain transparency in processing the data, implementing security safeguards, reporting of data breach, maintenance of records, audit, appointment of Data Protection Officer and have in place a grievance redressal mechanism. The bill has provision of transfer of data outside India to an entity or organization where the central government has allowed such transfer of data by the data fiduciary only on a condition to the consent of data fiduciary and conditions mentioned in Section 34 i.e., in case of health service or emergency service. But the central government can exempt any of its agencies from the provisions of the bill in the interest of the security of the state, public order, sovereignty and integrity of India and friendly relations with foreign states, and for preventing incitement to the commission of any cognizable offence. Processing of personal data is also exempted from provisions of the bill for certain other purposes for prevention, investigation, or prosecution of any offence, or personal, domestic, or journalistic purposes5 .
The bill has a provision of penalty that contravenes with the bill as for processing or transferring personal data in violation of the bill is punishable with a fine of Rs 15 crore or 4% of the annual turnover of the fiduciary, whichever is higher, and on failure to conduct a data audit, punishable with a fine of five crore rupees or 2% of the annual turnover of the fiduciary, whichever is higher. Re-identification and processing of deidentified personal data without the consent of data principal are punishable with imprisonment up to three years, or fine, or both.6 For better enforcement, a data protection authority and appellate tribunal will be set up for safeguarding the right of data principals. As per the bill, section 43 A and section 87(2)(ob) of the Information Technology Act, 2000 shall be omitted.
APPLICABILITY OF DATA PROTECTION BILL, 2019 IN THE PRESENT SCENARIO
The important question that arises today is whether the 2019 bill will be impactful in a situation like the present where the data stored is being processed or transmitted to another country impacting the security and privacy of the country. The 2019 bill has provision under section 33 and 34 to regulate such a situation where data fiduciary transmits the data to another country. If the data fiduciary knowingly contravenes the provision of the bill it will be liable for a penalty which may extend to Rupees Fifteen Crores or Four Percent of the worldwide turnover of the preceding financial year whichever is higher. In the present era, there have been seen multiple violations of data by the social media intermediaries and the bill strives to cover them as well. The bill defines social media intermediaries to include the same and all such intermediaries which have users above a notified threshold and whose actions can impact electoral democracy or public order, have obligations to provide a voluntary user verification mechanism for users in India. The data bill has covered the major problems faced in the pandemic like storing of data without data principal knowing that its data is being stored or processed by the data fiduciary. The data bill covers significant problems the country faces in the present scenario as the data violation can be by any so keeping open the definition of data fiduciary the bill has tried to cover maximum entities or organisations.
OTT REGULATIONS
The Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules of 20217 have been enacted by the Central Government under the powers conferred to it by Sections 69 A (2), 79 (2) (c) and 87 of the Information Technology Act, with harmonization with the Ministry of Electronics and Information Technology and the Ministry of Information and Broadcasting. The formulation of these Rules is in response to the growing criticism against the government, while it recognizes the right to criticize and disagree as an essential element of this country's democracy. The government in its press release8 has expressed the view that there have been widespread concerns about issues relating to digital contents both on digital media and OTT platforms or certification. A number of PILs as well as other cases against OTT platforms were also filed before various High Courts of the country and before the Supreme Court of India, calling for regulation of content that was being aired through the OTT platforms. While the objective of the Rules was to provide a robust complaint mechanism for social media and OTT platform users to address their grievances, the outcome of these is yet to be seen.
The Rules emphasize the need of social media intermediaries and online content providers to strictly comply with the Constitution and domestic laws of India and also to instil a sense of accountability against misuse and abuse by social media users and is the first of its kind to bring social media use under the regulatory framework of the Information Technology Act. There have been numerous controversies where the creators either pre-emptively removed the entire episode or deleted a few scenes, based on political malice ("The John Oliver Show", "Patriot Act", "Madam Secretary") or invited confrontations because of religious backfiring ("Tanishq", "A Suitable Boy")
In September 2020, OTTs, including Disney+Hotstar, Amazon Prime Video and Netflix, delivered a selfregulatory code named, "Universal Self-Regulation Code for Online Curated Content Providers", however it couldn't gather government support.
The solid rights contention against censorship, which frequently comes in the semblance of regulation, is that the substance is on-demand, where watchers have the option to pay and in this manner pick what they want to watch. On the other hand, the contentions against self-regulation are that the OTT platforms need lucidity with regards to specifying all manners of regulation and that nobody ought to be a judge in their own cause (there being an irreconcilable situation and a conflict of interest of OTTs with the complainants).
All things considered, there is no solid argument that after censorship or possible certification or even regulation, there would not be resistance to it. For example, movies like 'Padmaavat' and 'Udta Punjab' had pulled in significant discussions and controversies even after they were certified by the CBFC. Even 'Tandav', a web series which aired over Amazon Prime Video, ran into controversy and the I & B Ministry summoned Amazon Prime officials and the makers thanked the Ministry for "guidance and support" while deleting the dubious scenes. This apparently set a perilous point of reference for the content makers on OTT platforms as in spite of not being legally bound to do so, OTTs have been self-censoring their content. Envision what might unfurl when they would be lawfully bound to this, with the government sitting on their terrace!
In Shreya Singhal v. Union of India9 , the Supreme Court ruled that "online user-generated content cannot be censored until there is a direct incitement to violence", but delegated the question of on-demand content, like that provided by OTTs, to the IT Act.
In Life Insurance Corporation of India v. Prof. Manubhai D. Shah10, as Doordarshan refused to broadcast "Beyond Genocide", a documentary on the Bhopal gas tragedy, the Hon'ble Supreme Court of India agreed with the ruling of the hon'ble High Court's ruling that stopping the broadcast would restrain freedom of speech and expression.
Yet again, in Bobby Art International & Ors. v. Om Pal Singh Hoon & Ors.11, the Supreme Court held that "the producers' right to freedom of expression could not be restricted".
Reiterating K.A. Abbas v. Union of India12, wherein M. Hidayatullah, C.J., held that, "the standards that we set for our censors must make a substantial allowance in favour of freedom thus leaving a vast area for creative art to interpret life and society with some of its foibles along with what is good", the Supreme Court in Bobby Art held that films dealing with socially relevant themes must be subjected to the least censorship.
Indian courts, more often than not, have taken a stance in favour of free speech, which is the second greatest constitutional right after right to life and personal liberty. The Karnataka High Court in Padmanabh Shankar v. Union Of India13 (2019) rightly pointed out that "content aired over OTT platforms are not public exhibitions and should not be censored on the reasoning as absurd as 'social interests matter over individual freedom' (See K.A. Abbas case).
Censorship in the semblance of regulation, which the Rules are set to do, will debilitate political suppositions and innovativeness. This may prompt the creation of limited perspective content that we for the most part see on TV or in theatres. The regulation will likewise chillingly affect free speech as makers would now forgo portraying scenes drawing in attention and controversies even in an equal world.
A self-regulatory body may be more beneficial as the crowd will have the choice to watch assorted types of artistic presentations as opposed to being fed propaganda through conservative portrayals and limited views. In any case, OTTs ought to give proper disclaimers and age verification mechanisms for specific kinds of content.
Footnotes
1 Section 5 of Personal Data Protection Bill,2019
2 Section 7 of Personal Data Protection Bill,2019
3 Section 11 of Personal Data Protection Bill,2019
4 Section 20 of Personal Data Protection Bill,2019
5 https://www.prsindia.org/billtrack/personal-data-protection-bill-2019 (last visited on 25.03.2021)
6 Supra note
7 https://www.livelaw.in/pdf_upload/it-rules-2021--389746.pdf (last visited on 25.03.2021)
8 https://www.pib.gov.in/PressReleseDetail.aspx?PRID=1700766 (last visited on 25.03.2021)
9 Shreya Singhal vs. Union of India (2015) 5 SCC 1
10 Life Insurance Corporation of India vs. Prof. Manubhai D. Shah (1992) 3 SCC 637
11 Bobby Art International & Ors. vs. Om Pal Singh Hoon & Ors. (1996) 4 SCC 1
12 K. A. Abbas vs. Union of India (1970) 2 SCC 780
13 Padmanabh Shankar vs. Union of India 2019 SCC OnLine Kar 3087
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.