DATA PROTECTION AND 5G: INDIA’S QUEST FOR 5G AND THE NEED FOR A STRONG DATA PROTECTION LAW

  “None of the main issues which humanity is facing will be resolved without access to information,”    -Christophe Deloire[i]

India is taking various steps towards realizing its dream of becoming a truly digital economy. The vision of the implementation of 5G soon is one of the ambitious and significant aspects of this whole idea. The launch of 5G will be acting as a game-changer in the world of information and technology. It will not only be a golden opportunity to empower the national economy but will also help in providing better facilities to the citizen. Issues such as what is 5G and what is so unique about it, what will be the impact of 5G on the telecom sector, How it will going to impact the Indian economy as a whole, what will be the legal hurdles before rolling out the 5G amongst others are being raised regularly. In this article, we will be dealing with India’s Quest with 5G Technology with particular emphasis on why we need to have a strong data protection law before the launch of an important and ambitious technology such as 5G which appears to be a potential game-changer for Indian economy.

INDIA’S PREPAREDNESS FOR 5G CONNECTIVITY

India’s digital economy may reach USD 5 trillion in the next few years and an important reason behind it will be the growth of India as the largest selling Smartphone country in the world as well as the growth in the number of people using the social media along with various other digital services. These are the main reasons that India as a potential superpower is in the race to become a large digital economy.  Since the year 1995, when mobile service was first launched in India, mobile networks have been an engine of digital transformation. And now today developed countries are looking to adopt 5G soon, India also appears to be all set to implement the 5G network shortly.

However, before implementing the 5G, we should also consider the challenges that India is facing currently with Data protection being one of it. Data will be of great significance in this high-speed world of 5G, hence, it is important for us to have a strong data protection law in order regulate the protection of data. There are ongoing cybercrimes, hackings, trading and instances selling of personal data to the third party who has made a lot of stakeholders to worry. Data protection is a burning question in India, and various phone operators have cautioned the government about the security concern over the data protection before implementing the 5G in India. The government has assured that they’ll be establishing strong frameworks for deployment of Secure 5G services.

 It is said that data is the 21st-century oil. Data, as we know, has now become an immensely valuable and precious resource in the world, so processing of any data must be implemented while understanding national and international security concerns. Not just India, even powerful countries such as the USA recently was in controversy with the case of Cambridge Analytica for stealing personal data. This controversy was about influencing the behaviour of voters in the 2016 USA presidential election campaign, which created a lot of hue and cry. Even the European Union adopted the General Data Protection Regulation (GDPR) in the year 2016, which will regulate data protection in European Union Countries with the commendable service i.e. right to be forgotten. The GDPR (General Data Protection Regulation) replaced the General rules on data protection, 1995. The California Consumer Privacy Act (CCPA), 2020 in USA is another example[ii]. Unfortunately, the critical question today should not be about getting high-speed internet facility but instead should be about the need of a substantial provision for the strict data protection law.

The digital revolution has a significant impact on India’s GDP and will continue to do so. This digital revolution, on the one hand, helped an individual to connect to the whole world with the help of a Smartphone and mobile phones while on the other hand there is nothing personal left for an individual once he enters the digital world. It is also concluded by various reports that online companies are trying to steal the personal data information for their benefit to know the customer well and to understand their wants and needs. All these require greater scrutiny and a strong data protection law is the need of the hour.

CONUNDRUM OF DATA PROTECTION LAW IN INDIA:

The apex court of India in the case of Justice (Retd.) K.S. Puttaswamy vs. Union of India, held that right to privacy is a fundamental right under article 21 of the constitution of India. Still, unfortunately, we do not have proper law for data protection in India. The draft Personal Data Protection Bill is pending and has not been passed yet in the parliament.

After this cause célèbre, privacy became a hullabaloo in India. But, unfortunately, we still do not have a statute for data protection in India. The concern with respect to misuse of data has been a long standing one and it is high time that it should be addressed. After the Justice (Retd.) K.S Puttaswamy case, The Personal Data Protection Bill 2018, drafted by Retd. Justice BN Sri Krishna and its wide range of provision is the need of an hour but, issues such as the lack of safeguards and the question as to who will own the data of individuals were missing in this bill, leading to severe criticisms. There had been tussle over the bill with the most important in our context being no talk of right to erasure of data, the bill Instead of adding the concept of Right to forget said that the data collector and processor can only restrict it or stop it from sharing, but with no concept of erasing it.[iii]

Again, in December 2019 an effort had been made by the Ministry of Electronics and Information when they introduced The Personal Data Protection Bill 2019, with the concept of erasure. Section 18 of this bill provides the concept of erasure which means that right to erase personal data which is no longer necessary[iv]. But, again with so many exemptions like National security, public order and friendly relation with foreign state, all efforts proved futile. Justice, B.N Sri Krishna who himself drafted the Data protection Bill 2018, said that the bill can turn India into “Orwellian state”.

Let us discuss some major pitfalls in the Data protection Bill 2019, and they are following:

1. Section 35 of this bill gives government untrammelled power, so that the government can do anything for accessing personal data and even no procedure has been laid down for accessing the personal data, is one of the major pitfalls in this bill.

2. The provision for processing of personal data with consent by state can be accepted but, processing of personal data without consent for the purpose of employment is a highly debatable issue. And can become a major challenge to tackle when any crucial data stolen by employees. The section 13 of this bill, which talks about the ground for proceeding of personal data without consent of employee in employment, is a serious concern.

3. The earlier bill presented by the B.N Krishna committee has laid down the procedure for formation of DPA (‘Data protection Authority’), which comprise the members not only from the executive but also the people outside the executive group. Whereas, the Personal Data Protection bill 2019, talks about the establishment of the DPA, with the composition of members only appointed by central government and thus with no independent, transparent committee turning the concept of appointment into arbitrariness, The Personal Data Protection Bill 2019, is an undemocratic and a disheartening step-down from even the previous draft.

Though the draft of Personal Data Protection Bill 2019, is given to the joint parliamentary committee for their suggestion, which should seriously consider this problem. Data protection laws are much needed before the 5G technology but in the current form The Personal data protection bill 2019, has multiple shortcomings which need to be addressed. Hence, before the next G in the telecom sector comes, we all need strict data protection law.

Rolling of 5G with stainless Personal Data Protection Law:

5G is the next generation communication technology that will eventually substitute the existing 4G technology. Nevertheless, there is a requirement that the Indian government should strictly employ the 5G connection with a prudent approach. The Personal Data Protection Bill 2019 is having the significant loopholes which can affect the valid rationale behind the rolling out of 5G viz. highly secured and lighting fast networking system.

Section 34 of the Personal Data Protection Act 2020 outlines the requirements for local transition, which means that data does not leave the country for potential 5G users’ data security. Another big flaw in the bill which can undermine the 5G users’ spirit. That is to say, accessing personal data on the state requirement and providing the Indian Government with unregulated control. Hence, rolling of 5g can only be possible with a stainless Personal Data Protection Law. The Personal Data Protection Bill 2019, should be made open for general public discussion so that future 5G users suggests a legal solution and enjoy the facility of 5G without any iota of doubts in their mind. Otherwise, it will only be a next G with severe security predicament.

CRITICAL ANALYSIS AND CONCLUDING REMARKS

Although Companies such as Nokia and Huawei have advocated the rolling out of 5G as soon as possible citing the architecture of 5G as much more secure compared to earlier technologies because of its distinctive architecture, it is also said that the encryption of 5G could only be broken through quantum computers which in itself is a thing of future. However, it is essential to note that in order to create a system of checks and balances every revolution requires a regulation which this revolution of 5G will also need. Therefore the concerns raised by the experts concerning security holds more value over the arguments of companies who are in favour of fast-rolling of 5G. In our opinion, every concern of every stakeholder should be addressed before taking any major decision in this regard. In a global scenario where there already is a bitter rivalry going on between USA and China over role of Huawei in this whole saga where the proposition is with respect to 5G and data protection.  India should keep its cards closed, and India should play safe and bring in the squeaky clean Personal data protection law first. When data protection laws is enacted with issues such as data portability, data localization and any violation of data security would fall naturally within its domain, which would be land legislation — thereby paving the way for smooth rolling out 5 G technology.

REFERENCES

[i] Christophe Deloire is Secretary-General of Reporters without Border.

[ii] California Consumer Privacy Act (CCPA), 2020

[iii]PERSONAL DATA PROTECTION BILL 2018, Sec. 27.

[iv] PERSONAL DATA PROTECTION BILL 2019, Sec. 18.

ABOUT THE AUTHOR(S)

Raja Reeshav Roy is a 4th Year, BA LLB Student at National Law University Jodhpur. He has a keen interest in Indian and International Politics and is interested in Intellectual Propert Law, Constitutional Law. and Policy Making.

Prince Pathak is a 3rd Year BA LLB Student.at Faculty of Law , Banaras Hindu University. He is interested in Corporate Law and Domestic Criminal Law.

In content picture credits: mobileworldlive