The Indian law, which resembles EU’s GDPR in some ways, is largely in line with the consensus in democratic societies. Reconciling these two laws with similar rulings in other countries can be a first step towards setting globally accepted standards on this subject.
Microsoft CEO Satya Nadella’s assertion that data privacy should be considered a human right is very much in line with the Indian Supreme Court’s 2017 judgment that held the right to privacy to be an integral part of the fundamental right to life.
The second part of Nadella’s statement on the need for global norms, in place of local rules, therefore, has merit.
READ MORE ON DATA:
“I look forward to a world where… just (as) we have food safety laws, we have drug safety laws, there will be, similarly I think, rules and regulations (on data). Hopefully, there is a global norm around (this soon). One thing that I would hope for is that we don't fragment (the rules). We are able to—whether on privacy or safety—bring together a set of global rules that will allow all of us to both comply and make sure that we know what we build is safe to use," Nadella said at a recent virtual interaction with Telangana’s IT and Industries Minister K.T. Rama Rao at BioAsia 2021.
In fact, India has already walked two steps in that direction. The proposed Indian data protection law, which has been pending since 2019, is largely based on EU’s General Data Protection Regulations (GDPR) and once enacted, will completely overhaul the country’s data privacy regime.
It contains stringent norms for the use of personal data, brings in a federal regulator for data protection, gives individuals much broader rights over their own data and mandates localisation rules for some types of sensitive data.
A report titled “Supreme Court Declares Right to Privacy a Fundamental Right” dated August 31, 2017 on the website of Trilegal, one of India’s largest law firms, says: “This decision (on privacy being a part of the fundamental right to life) has connected our privacy jurisprudence over the years with our international commitments and established our conformity with comparative laws around the world.”
“In my considered opinion, the right to privacy of any individual is essentially a natural right, which inheres in every human being by birth. Such right resides in the human being till he/she breathes last. It is indeed inalienable and inseparable from human beings. In other words, it is born with the human being and extinguishes with the human being,” wrote Justice Abhay Manohar Sapre, one of the nine judges who pronounced the historic judgment.
As noted in the Trilegal study, these findings are in line with the norms of most liberal democracies around the world and embody Nadella’s dream of treating data privacy as a human right.
Since India’s data privacy law will have to be compliant with the Constitution, it should, drawing from the Trilegal interpretation, also be in consonance with global regulations on this subject.
“As the technology becomes so pervasive in our lives, in our society, in our economy… we need to take responsibility, to ensure … we build for privacy, we build for security, we build for AI ethics, we even build for internet security,” Nadella said, adding: “In privacy today, all over the world there are regulations. Europe was the first with GDPR and it is spreading fast. Privacy is human right and I think it will be recognised.”
Though some experts feel it will be sometime before Nadella’s dream of having common global norms on data privacy may still be some way off, reconciling laws from different jurisdictions to at least point them in the same direction to bring about a broad unity of purpose, could be a good interim measure.
And India is already well on its way to having data privacy norms that are compliant with global norms.