A child born today will grow up with no conception of privacy at all. They'll never know what it means to have a private moment to themselves, an unrecorded unanalyzed thought. And that's a problem because privacy matters. Privacy is what allows us to determine who we are and who we want to be Edward Snowden

Privacy, in this day and age is only governed by general Contract principles mainly based on fiduciary relations and with data hungry Service Providers dispersed all over the Internet, it is imperative for countries to have strong data protection regimes to counter such data theft.

Background
The Constitution of India does not guarantee the Right to Privacy as an absolute right. However the nine-judge bench in the case of K.S. Puttaswamy v. Union of India[1] observed that Right to Privacy is an intrinsic part of the Right to Life and personal liberty guaranteed under Article 21 of the Constitution of India and hence, is limited by the procedure established by law.

The Data Protection Bill, 2019

Ensuing the landmark judgment of the Apex Court, the Government of India was compelled to introduce a legislation averring the privacy of personal data of individuals. A committee of experts was appointed under the Chairmanship of Justice B.N. Srikrishna by the Ministry of Electronics and Information Technology. The Committee was designated with the task of drafting a legislation in this regard.

The definitive Personal Data Protection Bill was released on December 11, 2019. This legislation was critically analysed by experts all over the country who stated that the draft was endowed with loopholes which provided a blanket immunity to the State in the form of exceptions which could cause appalling issues in future.

Data Protection Regime peculiarly deals with 2 entities:

State/ Service Providers
Citizens/ Users
There exists a Power Asymmetry between these two entities. To rule out such irregularities, there is a requirement of a strong legislation that safeguards the interests of both the parties. The Data Protection Bill, 2019 lacks this attribute. Individual Privacy is of utmost importance. It is the User that requires Privacy and not the State/ Service Providers. The Government, however should be forthright in such matters and must be placed in a position where it can be held accountable, bound by limitations.

There have been instances where the people have observed unreasonable use of omnipotent power by the Government. One such instance was bought in focus in Uttar Pradesh in 2018 when several potato farmers in distress stockpiled quintals of potatoes outside Government residential areas. Agitated by this, in order to catch hold of the culprits, the Government put around 10000 phones under surveillance. The Privacy of thousands of citizens was infringed to apprehend two culprits. Evidently, it was not mandatory to take such an extreme step and put several citizens privacy at stake for a single case.

Such acts where the State holds immunity by virtue of the law currently under scrutiny can only be snubbed if there are restrictions imposed on the Government to ensure privacy of individuals is not hampered at any stage in the discharge of any peculiar duty.

Potential Solution
The present day Internet/ social media/ applications is built on free service in exchange of user information as consideration. The Service Providers have now become data hungry. It is imperative to have legislations that intend to safeguard the users/citizens from the onslaught of their personal information. The present legislation in scrutiny The Personal Data Protection Bill,2019) bears various escape clauses, the primary shortcoming being the grant of boundless access of personal information to the State as a let-out clause.

With the current status of this legislation being under consideration of the Joint Parliamentary Committee, several experts from various fields have gathered together to form a committee with the aim to draft a legislation that proves to be a boon for the country with legitimate balance of power and duties between the two entities. This draft is known as the Indian Privacy Code[2].

To summarize, the Indian Privacy Code, 2018 is a synthesis of Supreme Court judgments, including the landmark judgment in Justice K.S. Puttaswamy v. Union of India and best practices from international texts such as the European Union's General Data Protection Regulation. This includes the right to explanation on algorithmic decision making, reducing the power of black box systems etc[3].

The Cambridge Analytica controversy compelled several countries to come up with laws that aid in guarding the personal information of their citizens from potential cyber threats. One such regulation brought about by the European Union on data protection and privacy is The General Data Protection Regulation (GDPR)[4]. GDPR is considered as a comprehensive strict legislation that has aided in conservation of the data of their citizens.

It was due to the uncompromising sections under GDPR that the new Whatsapp policy couldn't make its way to individual's data in the European Union. It is imperative to derive inspiration from such laws and adopt the relevant sections in these laws with reasonable changes giving due regard to the Indian framework and variables.

7 Principles Of The Indian Privacy Code [5]

1. Individual Rights Are At The Center Of Privacy And Data Protection
2. A Data Protection Law Must Be Based On Privacy Principles
3. A Strong Privacy Comission Must Be Created To Enforce The Privacy Principles
4. The Government Should Respect User Privacy
5. A Complete Privacy Code Come With Surveillance Reform
6. The Right To Information Needs To Be Strengthened And Protected
7. International Protections And Harmonisation To Protect The Open Internet Must Be Incorporated

Conclusion
Privacy is not something that one merely entitled to, it's an absolute prerequisite - -Marlon Brando
It is the duty of the Government to provide meaningful legislations to safeguard their subjects but, it also our responsibility as citizens to be cautious about our Online Identity because:
If you care about privacy online, you need to actively protect it - - Roger Dingledine

End-Notes:

1. (2017) 10 SCC 1
2. https://saveourprivacy.in/bill
3. https://saveourprivacy.in/principles
4. https://gdpr-info.eu/
5. https://saveourprivacy.in/principles