This course will provide an introduction to the concept of privacy and its regulation, with a focus on informational privacy and data protection. Students will studythe manner in which thinking on privacy has evolved in India by tracingthe development of privacy jurisprudence in India, and understanding how privacy came to be recognised as a fundamental right by the Supreme Court. We will explore existinglegal frameworks for the protection of privacy in India and the European Union, and the proposed frameworks for data protection in India. At the end of this course, students will have an in-depth understanding of important topics such as notice and consent; data localisation; data minimisation and purpose specification, equipping them with the ability to navigate the complications caused by the tensions between privacy, innovation and economic growth in a world of emerging and fast-moving technology.
In this module, students will explore the concept of privacy from a philosophical perspective, while understanding different kinds of privacy such as bodily privacy, spatial privacy, decisional privacy, and informational privacy.Since the focus of this course is trained on informational privacy, a large chunk of this module will be devoted to understanding the relevance of data protection and other aspects of informational privacy in the age of Big Data.
This module will trace the evolution of the Indian Supreme Court's ("SC") thinking on the issue of privacy. Starting first with the case of M.P. Sharma v. Satish Chandra, which marked the first recorded mention of the fundamental right to privacy in the history of the apex court's decision-making, we will go on to examine the cases of Kharak Singh v. State of Uttar Pradesh, Gobindv. State of Madhya Pradesh, and finally, the seminal case of K.S. Puttaswamyv. Union of India, where the SC recognised the right to privacy as a fundamental right under the Indian Constitution.
This module studies the existing and proposed laws governing the regulation of informational privacy in India. Students will be introduced to core concepts that are key to understanding data protection laws such as notice and consent, cross-border data flows and data localisation. We will begin with an examination of the Information Technology Act, 2000 ("IT Act"), which is the primary law governing the protection of individuals' data at present. However, the extent of data protection offered by the IT Act is fairly limited since it applies only to specific kinds of information that are categorised as 'sensitive personal data or information' under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 notified under the IT Act. Thereafter, we will move on to studying the proposed data protection framework under the Personal Data Protection Bill, 2018 ("PDP Bill"), drafted by the committee of experts under the chairmanship of Justice B.N. Srikrishna.
In this final module, students will be introduced to the General Data Protection Regulation, 2016, (“GDPR”) which lays out the data protection framework for the European Union. An understanding of the GDPR is crucial for a student of data protection, as it has often been referred to as the global 'gold standard' on data protection. In fact, it has influenced the drafting of the PDP Bill as well. This module intends to familiarise students with concepts such as the right to be forgotten under the GDPR, and contrast the treatment of such issues under the GDPR with their treatment under the PDP Bill.
Tuhina Joshi is a policy associate at Ikigai Law, and works closely on emerging technology and innovation focused public policy. Previously, she has worked as a consultant with the Member of Parliament currently representing South Goa, and the Ministry of Law and Justice, and channels this experience towards her work with the team. She has read law at the National Law School of India University, Bangalore, India.