Data Protection in India: A Comparative Study

Abstract

Data Protection was never an issue in India due to its “VASUDEV KUTUMBKUM” culture. For an example, while it is a common practice in the UK for general practitioners (GPs) to not discuss patient information relating to the wife with her husband, such discussion is quite common in India, where GPs regularly discuss such issues not only with the husband but also other members of the family or the person accompanying the patient. When Indian people are questioned about the word “privacy”, the first thing that comes to their mind is privacy in terms of personal space and subjects, while the US citizens mentions privacy with reference to financial information and identity theft and that is what the correct and accurate anvil on which privacy must be weighed, protected and tested. With the invincible and unconventional development in technology the issues and concerns around data protection has increased on multiple levels and has surfaced to be a point of discourse in India as well. The scope of ‘data’ was primitively limited to an individual’s mere name, address of communication and that was when data mining was considered an important source of business for consultancy firms and BPOs in India. Earlier data protection concerns was limited to BPOs only, but now, data is collected, altered, indexed, stored, processed, shared, and utilized at various fields in India which has been discussed in the paper. For a dearth of a specialized and an all-inclusive data protection law in India, huge issues and instances of data theft has risen, whether it is on a BPO platform or hunting down of an entire digitalized market of a financial institution, along with several other business sector. So to say, the underlying hypothesis of the paper being that a laid out IT Act, 2000 and rules thereto may prove to be of insufficient role and incomplete to address the rising concerns for individuals as well as organizations, be it boutique or of enterprise level. Banks has to move on national television to advertise about not sharing OTP with any caller pretending to be calling from bank is the extreme condition raised due to lack of stringent codified law for Data Protection. Now the government is raising such situations for which Aadhaar enrolment becomes mandatory. Such situation can lead to a disastrous result if the Aadhaar details of the citizen is leaked and misused. The prevailing law is not sufficient enough to protection the vast data. Hence, a separate, stringent and codified law is necessary for India.