Posted in GS 2, Editorial Analysis, Governance

The dangers in the Digital Personal Data Protection Bill

 August 3, 2023  Leave a comment
Data protection bill

Syllabus: GS 2- Governance, Polity

Source: The Hindu digital (Lead) – 02/08/23

Context: The government is set to introduce the Digital Personal Data Protection (DPDP) Bill in Parliament.

Content:

  • The Digital Personal Data Protection (DPDP) Bill lays out procedures on how corporations and the government can collect and use information and personal data of citizens.

What is a Personal Data?

  • Personal data is information that relates to an identified or identifiable individual. 
  • Personal data is processed by businesses and government entities for delivering goods and services.
  • Processing personal data helps to understand the preferences of individuals, which can be useful for personalisation, targeted advertising, and developing recommendations.
  • Processing personal data may also help law enforcement.

Data Protection

  • Data protection is the process of safeguarding and preserving data from harm, loss, or corruption.
  • Data protection is very important in today’s world, where data is created and stored at an unprecedented rate.

Importance of Data Protection

  • Avoid data leaks and online attacks that can result in monetary losses, tarnished reputation, legal responsibility, and customer distrust.
  • Enhance data management and quality by ensuring that data is dependable, precise, and not subject to unauthorized or unwarranted changes.
  • Enable data driven decision making and innovation.
  • Ensure ethical and responsible use of data.

Background and Evolution of the Data Protection Bill in India

  • Currently, India does not have a standalone law on data protection. 
  • The Information Technology (IT) Act, 2000 regulates the use of personal data.
  • In 2017, the central government set up a Committee of Experts on Data Protection, headed by Justice B. N. Srikrishna, to study the issues related to data protection in the country.
  • Based on the Committee’s suggestions, the Personal Data Protection Bill was presented in Lok Sabha in December 2019.
  • In August 2022, the Bill was withdrawn from Parliament.
  • In November 2022, a Draft Bill was published for public feedback.
  • In August 2023, the Digital Personal Data Protection Bill, 2023 was introduced in Parliament.

Highlights of the Bill

  • The Bill covers the processing of personal data that is collected online or offline and digitized within India, or outside India if it is related to offering goods or services in India.
  • Personal data can only be processed for a lawful purpose with the consent of the individual. However, consent may not be needed for certain legitimate purposes such as voluntary sharing of data by the individual or processing by the State for permits, licenses, benefits, and services.
  • Data fiduciaries have to ensure the accuracy, security, and deletion of data as per the principles and obligations laid down by the Bill.
  • The Bill grants certain rights to individuals including the right to obtain information, seek correction and erasure, and grievance redressal.
  • The central government may exempt government agencies from the application of provisions of the Bill in the interest of specified grounds such as security of the state, public order, and prevention of offences.
  • The central government will establish the Data Protection Board of India to adjudicate on non-compliance with the provisions of the Bill.

Main concerns of data protection bill

  • The bill is in conflict with the right to information (RTI) act, which allows citizens to access information held by public authorities and make them accountable.The Bill is criticized for seeking to dilute these provisions of the (RTI) Act.
  • Some critics have argued that the bill is in conflict with the right to privacy, which is a fundamental right protected by the Constitution of India.The exemption of the central government and its agencies from the provisions of the bill, which would allow them to access and process any personal data without consent or judicial oversight ( for the purposes of national security, public order, sovereignty and integrity of India, friendly relations with foreign states etc.) could potentially violate the privacy rights of citizens and expose them to surveillance, profiling, discrimination, and misuse of their data.
  • One of the criticisms of the bill is that it does not guarantee the independence and authority of the Data Protection Board, the body that is supposed to enforce the provisions of the law.The centre is empowered to appoint members to the data protection board.The members of the Data Protection Board of India will be appointed for two years and will be eligible for re-appointment.  The short term with scope for re-appointment may affect the independent functioning of the Board.
  • The Bill does not address the potential harms that may arise from processing personal data.
  • The bill allows the central government to make rules and directions for various aspects of the law, without any guidance or supervision from the legislature. This could result in arbitrary and inconsistent application of the law.
  • The Bill does not grant the right to data portability (ie,theright to data portability is a right that allows you to obtain and reuse your personal data for your own purposes across different services)and the right to be forgotten( it refers to the ability of individuals to have their personal information removed from the internet or other public platforms under certain circumstances.)

Related topics

Right to privacy

  • The right to privacy is not explicitly mentioned in the Indian Constitution, but it has been derived from Article 21, which guarantees the right to life and personal liberty.
  • The Supreme Court of India has interpreted Article 21 to include the right to privacy as an essential aspect of human dignity and freedom.
  • The Supreme Court of India, in the historic judgment, Justice K. S. Puttaswamy vs. Union Of India  declared that the right to privacy is a fundamental right under the Indian Constitution.
  • The judgment, known as the Right to Privacy verdict, stated that the right to privacy is inherent in Articles 14, 19 and 21, which guarantee the rights to equality, freedom and life respectively.

Right to internet

  • The right to internet is a term that refers to the right to access and use the internet as a medium of communication, information, education, and expression.
  • The right to internet is also related to the right to freedom of speech and expression, the right to life and personal liberty, the right to education, and the right to work and livelihood.
  • In Faheema Shirin vs. State of Kerala– judgment ,the Kerala High Court declared  the right to the Internet a fundamental right.

Right to Information Act (RTI)

  • The RTI Act empowers citizens to seek information from public authorities in India.
  •  It aims to foster transparency and accountability in the working of the government and its institutions.
  • The RTI Act was passed by the Indian Parliament in 2005.
  • Later,some provisions of the original RTI Act 2005 was amended  and RTI Act 2019 came into force.
  •  According to RTI 2019, the Central Government can decide the term and salary of the Information Commissioners.
  • The main criticism of this amendment act is that they reduce the independence and authority of the Information Commissions, which are meant to ensure transparency and accountability in governance.

Data privacy laws in other countries

  • According to the United Nations trade agency UNCTAD, about 70% of countries worldwide have some form of legislation for data protection.
  • Africa and Asia show different level of adoption with 61 and 57 per cent of countries having adopted such legislations.
  • EU MODEL: The “world’s strictest law on privacy and security” is said to be the General Data Protection Regulation (GDPR) of the EU, which was implemented in 2018.
  • The EU’s landmark General Data Protection Regulation (GDPR) has significantly influenced legislation adopted by almost 160 countries.
  • US MODEL: In US MODEL,Privacy Protection is largely “Liberty Protection”, focused on protecting the individual’s personal space from the government.  Still,It enables the collection of personal information as long as the individual is informed of such collection and use.
  • CHINA MODEL: China’s personal Information Protection Law (PIPL), seeks to prevent the misuse of personal data.The Data Security Law (DSL) enacted in 2021 requires business data to be categorized by different levels of importance and puts new restrictions on cross border transfers.The DSL requires that business data be classified according to relevance to national security and the public interest.
  • Also,it has made laws stricter on how personal data can be transferred to other countries.

Way forward

  • A consultative and participatory process that involves all the relevant stakeholders is necessary before the implementation of the data protection bill.
  • The bill should also be aligned with international standards and best practices on data protection and human rights.
  • The bill should be based on the principles of transparency and accountability.

Reference

Leave a Reply

Your email address will not be published. Required fields are marked *