The Personal Data Protection Bill 2019
No:1. The Personal Data Protection Bill 2019 (PDP Bill
2019) was tabled in the Indian Parliament by the Ministry of Electronics and
Information Technology on 11 December, 2019.
No:2. As of March, 2020 the Bill is being analyzed by
a Joint Parliamentary Committee (JPC) in consultation with experts and
stakeholders.
No:3. The JPC, which was set up in December, 2019, is
headed by BJP Member of Parliament (MP) Meenakshi Lekhi.
No:4. While the JPC was tasked with a short deadline
to finalize the draft law before the Budget Session of 2020, it has sought more
time to study the Bill and consult stakeholders.
No:5. The Bill covers mechanisms for protection of
personal data and proposes the setting up of a Data Protection Authority of
India for the same.
No:6. Some key provisions the 2019 Bill provides for
which the 2018 draft Bill did not, such as that the Central government can
exempt any government agency from the Bill and the Right to Be Forgotten, have
been included.
Following are the main provisions of the bill :
No:1. The Bill removes the requirement of data
mirroring (in the case of personal data). Only individual consent for data
transfer abroad is required.
No:2. The Bill requires sensitive personal data to be
stored only in India. It can be processed abroad only under certain conditions
including approval of a Data Protection Agency (DPA).
No:3. Critical personal data must be stored and
processed in India.
No:4. The Bill mandates fiduciaries to provide the
government any non-personal data when demanded.
No:5. The Bill also requires social media companies,
which are deemed significant data fiduciaries based on factors such as volume
and sensitivity of data, to develop their own user verification mechanism.
No:6. The Bill includes exemptions for processing data
without an individual’s consent for ‘reasonable purposes’, including the
security of the state, detection of any unlawful activity or fraud,
whistleblowing, medical emergencies, credit scoring, operation of search
engines and processing of publicly available data.
No:7. Each company will have a Data Protection Officer
(DPO) who will liaison with the DPA for auditing, grievance redressal,
recording maintenance and more.
No:8. The Bill calls for the creation of an
independent regulator Data Protection Authority, which will oversee assessments
and audits and definition making.
No:9. The Bill stated the penalties as : Rs. 5 crores
or 2 percent of worldwide turnover for minor violations and Rs. 15 crores or 4
percent of total worldwide turnover for more serious violations.
No:10. Finally, it legislates on the right to be forgotten.
With historical roots in European Union law, General Data Protection Regulation
(GDPR), this right allows an individual to remove consent for data collection
and disclosure.
No:11. It also grants individuals the right to data
portability and the ability to access and transfer one’s own data. It also
grants individuals the right to data portability, and the ability to access and
transfer one’s own data.
No:12. The Bill proposes limitation’ ‘Purpose and
‘Collection limitation’ clause, which limit the collection of data to what is
needed for ‘clear, specific, and lawful’ purposes.
Positive Aspects of the Data Protection Bill 2019
No:1. Data localisation can help law-enforcement
agencies access data for investigations and enforcement.
No:2. A strong data protection legislation will also
help to enforce data sovereignty.
No:3. Data localisation will also increase the ability
of the Indian government to tax Internet giants.
No:4. Social media is being used to spread fake news,
which has resulted in lynchings, national security threats, which can now be
monitored, checked and prevented in time.
No:5. Instances of cyber-attacks and surveillance will
be checked.
Negative Aspects of the Data Protection Bill 2019
No:1. Many contend that the physical location of the
data is not relevant in the cyber world. Even if the data is stored in the
country, the encryption keys may still be out of reach of national agencies.
No:2. National security or reasonable purposes are
open-ended terms; this may lead to intrusion of the state into the private
lives of citizens.
No:3. Technology giants like Facebook and Google have
criticised the protectionist policy on data protection (data localisation).
No:4. Protectionist regime suppresses the values of a
globalised, competitive internet marketplace, where costs and speeds determine
information flows rather than nationalistic borders.
No:5. Also, it may backfire on India’s own young
startups that are attempting global growth, or on larger firms that process
foreign data in India.
Suggested : What is Bharavi | Indian poet Bharavi
No comments:
Post a Comment