THE INKWELL AND THE ALGORITHM: THE EVER-EVOLVING SCRIPT OF PRIVACY

1. From Clay-Tablets to Clickstreams: A Historical Perspective on Data and

Data, an aspect that has been in existence since time immemorial. In an optimistic tone, perhaps
data was our first step towards creating a language, as far as Anthropology is concerned. Data
being collected and stored, evidence collected even from 5000 years ago, was one of the earliest
human attempts at communicating via a written text. At the time and for a very long time since,
it was majorly associated with administrative data, tax records and its paraphernalia. Privacy,
a factor that most humans around us hug tighter to humanity, let it be an individualistic or even
a collective stance, in contrast with the ‘artificiality’ that is almost always connoted with the
term data in the contemporary era, was not so always. Privacy came into existence late and the
combination with data, even later.

2. The Silken Veil of Privacy – Unwrapping the Evolving Discourse

Not taking anything of the fact that privacy has been a concept since ancient times.1 With solid
proofs of the ceased but once existed Hammurabi Code and Roman laws, privacy was never
something purely alien to the human society, even the biblical references of Adam and Eve
covering their body for the same. However, it became particularly prominent with advent of
technology, especially the modern part of it. From a global perspective, the modern discourse
on privacy began with the use of cameras and expanded with the development and use of
computers, leading to the collection and storage of personal data on individuals2. This raised
concerns about privacy erosion and the emergence of a surveillance society. An article, first in
1890, titled “The Right to Privacy” is considered to be one of the first landmark articles on the
same.3 Narrowing it down to India, although the concept of Privacy was not very well delved
into by the Constitution nor it was explicitly mentioned anywhere, the idea has evolved through

1
core.ac.uk/download/pdf/4816793.pdf
2
IFIPAICT, volume 298
3
Journal of American Studies 17 (2016): 211-219
judgements, a major one which would be needless to say emerged in the case of K.S.
Puttaswamy v/s Union of India.4

3. The Venture from Dharma to Data – The Shifting Sands of Privacy in a

The existing scenario in India, which is the prime focus for this paper, has traditionally been
inclined towards a more collectivistic society, that being the crux of the reason as to why
discussions and debates regarding the same were sporadic in nature. The collective social views
which stood in stark contrast to the western concept at the time, which used to keep the aspect
of privacy with sanctity and as a concept that was essentially inalienable from individual
existence had a visible shift post the LPG reforms5 in 1991. The perspectives were now
influenced by a plethora of western media and the Indian audience had finally started to become
more expressive in terms of safeguarding their own interests or even of their loved ones.
Despite all of this, the traditional collectivist notion was maintained. It is interesting to note
that the concept of privacy had had its glimpses in the Swaraj Bill 6 and subsequently in the
Commonwealth of India Bill later in 1925.7

4. Privacy: From Constitutional Principles to Global Perspectives

In the present world, privacy is a near intrinsic concept to each and every jurisdiction around
the globe. Protective mechanisms span from constitutional regulations to intricately tailored
solutions for specific aspects of individual life. In India, it is not just the precedents that now
safeguards but even multifarious international conventions and universal regulations. While
stating that the textual matrix of the Constitution of India did not delve upon the same, the
creators certainly did and one its prime advocates in its time was BR Ambedkar himself. The
scope and definition regarding the same are given a vast purview and has put into rolling by

4
2019 (1) SCC 1
5
The Indian Journal of Political Science, JAN. - MAR. 2006, Vol. 67, No. 1
6
https://www.constitutionofindia.net/
7
https://www.constitutionofindia.net/
the judiciary. The European Convention on Human Rights was one of the first international
documents which highlighted the importance of the concept in an individual’s life.8

8
European Convention of Human Rights, 1953.
 INDIA'S DATA ODYSSEY: UNTANGLING THE WEB OF PRIVACY IN A DIGITAL DEMOCRACY

1. India's Data Crossroads: Balancing Innovation and Privacy in a Digital Age

In the modern era of digital components encompassed in nearly anything and everything in
our proximity, where data traverses the globe at the speed of light and personal information
becomes the currency of the digital marketplace and India stands at a legislative crossroads.
The nation’s commitment to protecting its citizens’ data privacy is not just a legal challenge
but rather a societal imperative. Various legislations, and particularly the Digital Personal
Data Protection Act, 20239, marks a watershed moment in this journey, reflecting a nuanced
understanding of the digital landscape and a robust response to the clarion call for privacy.
This act is crucial for India's laws, aiming to balance innovation with individual rights and
economic interests with ethical concerns. As we examine this significant legislation, we
unravel the legal intricacies designed to safeguard personal data privacy in the world's largest
democracy. Created to be protective or to be pretentious, that is the question.

2. Reverberating Echoes: India's Quest for Data Protection Laws

Although Information and Communications Technologies (ICTs) have greatly enhanced our
capacities to collect, store, process and communicate information, it is ironically these very
capacities of technology which make us vulnerable to intrusions of our privacy on a
previously impossible scale. The Information Technology Act, 200010 which entailed its crux
in aspects such as e-commerce, cybercrime and data security. It was perhaps, one of the first
legislations with the objective to regulate e-governance in India and it was decent for its time
so to say. It had adequate measures against phishing, electronic voyeurism and even
children’s privacy in the online, which were major menaces for its time.11 However, rapidly
evolving times had hues and cries for more comprehensive and stronger-in-nature
legislations, similar to the western counterparts.12 India’s journey towards the creation of a

https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Act%202023.pdf
10
https://www.meity.gov.in/content/information-technology-act-2000
11
Demystifying Data Breaches in India — The Centre for Internet and Society (cis-india.org)
12
L281, 23 November 1995, p. 31–50
comprehensive data protection law began in the 2010s. The Srikrishna Committee set up in
2011 had the objective to examine the issues surrounding data privacy and recommend
appropriate safeguards.13 The committee subsequently submitted their report in 201814 which
led to the furtherance in the matter as far as the creation of the first draft of Data Protection
Bill, 201915 was concerned. The bill had numerous revisions and sparked a plethora of
debates and discussions. Governments unfettered access to data, data localization
requirements and the potential impact it would have on innovation were nubs of the matter. A
Joint Parliamentary Committee was set up in 2019 which reviewed the bill extensively and
submitted its report in 2021. The recommendations made were primarily addressing several
of the original concerns, paving the way for the revised Digital Personal Data Protection Bill,
2022.

3. From Draft to Dawn: The DPDP Act - A Holy Grail or a Work in Progress?

The Digital Personal Data Protection Act, 2023 had its genesis now. The baptism was
undertaken by several previous drafts, giving it a holy stature in the field of data protection, at
least from the governmental perspective. The essence of the Act lies in granting individuals’
substantial authority over their personal information, encompassing rights like access,
correction, deletion, and limitation of processing. Additionally, the Act places rigorous
responsibilities on data custodians, including businesses and governmental bodies, to guarantee
the lawful and ethical management of personal data. The Act gave more weightage to ‘sensitive
personal data’, established data fiduciary obligations and restricts the data transfer to countries
without adequate laws. Although the Act has its foundations built in concrete, the efficacy relies
on the implementation. It is to be simultaneously remembered in mind that sufficient resources
for the board in terms of skillset is a requisite for the success along with scope for potential
international harmonization. As far as the theory part is concerned, although it has itsvoids and
gaps, as any legislation would, it provides a more or less ubiquitous application and narrows
down for specificity when required.

13
https://legalaffairs.gov.in/sites/default/files/Report-HLC.pdf
14
https://www.meity.gov.in/writereaddata/files/Data_Protection_Committee_Report.pdf
15
Bill No. 373 of 2019
 RESULTANT RESURGENCE: A STEPPING STONE OR A SIREN SONG?

Within the complex weave of India's digital progression, the third and the climaxing phase of
our exploration emerges as a kaleidoscope of resurgence, where the threads of progress
intertwine with the hues of challenge, none of them vibrant and none of them subtle, both in a
stage of near equilibrium. This phase, a testament to the duality of innovation, unfolds a
narrative that is as much about the triumphs of legislative foresight as it is about the
tribulations of adaptation. We're on the edge of a big change. Data laws are becoming more
important, bringing trust and empowerment. But we're also dealing with challenges as society
adjusts to new technology. As we move forward, we see both successes and unanswered
questions in India's journey with data protection. The question as previously asked upon in
the paper, is reiterated here, to be protective or to be pretentious, that is the question.

The clarity of impact it would have on individuals, corporations and even the digital economy
in its entirety would unfold in the years to come for sure. Just as we observed the
establishment of stringent standards, we also encounter equivalent rigor in the exceptions
delineated, that ranges from publicly available personal data to benefits that could be availed
by startups if exemptions are notified by the government. Thus, setting it far from the realm
of being deemed a draconian piece of legislation. India’s approach to privacy laws is quite
different (as far as DPDP is concerned) as to the Europe’s GDPR16 even insofar as the
implementation aspect is considered. Counterintuitive to some, India has had more rapid
digitization compared to Europe as far as this decade is accounted for17 and owing to the
same, required variation which it embodies. For instance, it has stricter rules for data
processing and grants many exemptions to government entities. Regulatory authorities can
also refine the law and give exemptions to certain parties. Additionally, a unique provision
allows the government to request information from data custodians, the Data Protection
Board, and intermediaries. Furthermore, authorities can block public access to particular data
on computer systems.

The partly dystopian looking theory of mass surveillance, something that the masses
themselves frown upon while being paranoid within, is something that requires at the very

16
Regulation (EU) 2016/679
17
State of India’s Digital Economy (SIDE) Report, 2024.
least, an iota of our attention. Theories of using big data for purportedly evil purposes is not a
novel imagination and nor is it very far from the ground reality.18 Why go further afield when
a comparable incident occurred right in Hyderabad in the recent times? A case of personal
surveillance occurred against a person called Massoud without any cogent reasons
whatsoever.19 It becomes exponentially more interesting when it is known that an
organisation, furthering in the research for the same was denied the permission to interview
or to establish any sort of communications with the governmental departments.

The referenced incident might be dismissed by counter-citing baseless accusations, but how
many similar instances exist? The absence of stringent data protection laws in India, unlike
those in Estonia, the foundational model for the entire EU, emboldens citizens to scrutinize
every piece of information collected about them. While the legislative framework may appear
robust, can it effectively address all potential loopholes during its implementation? It appears
that the answer is not always in the affirmative.

18
How governments use Big Data to violate human rights (theconversation.com)
19
India: Hyderabad ‘on the brink of becoming a total surveillance city’ - Amnesty International