I have discussed at length the absence of privacy and data protection standards in India. Hence it came as quite a surprise, that a bill on data protection had been introduced in the Rajya Sabha. The bill is titled as The Personal Data Protection Bill, 2006 and was introduced on December 8, 2006 by MP. Vijay J. Darda. It is odd that despite of constant media attention on the lack of a data protection law in India, I found no news reports discussing the bill or notifying its introduction.
The bill seems to proceed on the general framework of the European Union Data Privacy Directive, 1996. It follows a comprehensive model with the bill aiming to govern the collection, processing and distribution of personal data. It is important to note that the applicability of the bill is limited to ‘personal data’ as defined in Clause 2 of the bill. However, there is cause for cheer for privacy advocates.
The bill applies both to government as well as private enterprises engaged in data functions. There is a provision for the appointment of, “Data Controllers”, who have general superintendence and adjudicatory jurisdiction over subjects covered by the bill. I was particularly enthused at seeing that penal sanctions may be imposed on offenders in addition to compensation for damages to victims.
The bill is clearly a step in the right direction. However due to the paucity of information, I cannot say, at what stage the bill is pending (if at all). Till then we can just allay our privacy fears with a quote attributed to Scott McNealy. “You already have zero privacy anyway. Get over it.”