Print Friendly, PDF & Email

Data Protection Bill


GS Paper 2:


Topics Covered:

  1. Government policies and interventions for development in various sectors and issues arising out of their design and implementation.

 

Data Protection Bill

What to study?

For Prelims: Key features of the bill.

For Mains: Concerns and issues.

 

Context: Cleared by the Cabinet, the Personal Data Protection Bill is due to be placed in Parliament.

The Bill has three key aspects that were not previously included in a draft version, prepared by a committee headed by retired Justice B N Srikrishna.

 

How does the bill seek to regulate data?

The bill constitutes 3 personal information types:

  1. Critical
  2. Sensitive
  3. General

Sensitive data constitutes or is related to passwords, financial data, health data, official identifier, sexual orientation, religious or caste data, biometric data and genetic data. It may be processed outside India with the explicit consent of the user.

Critical data will be characterised by the government every once in a while, and must be stored and handled only in India.

General data: Any data that is non-critical and non-sensitive is categorised as general data with no limitation on where it is stored or managed.

 

Other Key provisions:

Data principal: As per the bill, it is the individual whose data is being stored and processed.

Exemptions: The government is qualified to order any data fiduciary to acquire personal and non-personal/anonymised data for the sake of research and for national security and criminal investigations.

Social media companies, which are deemed significant data fiduciaries based on factors such as volume and sensitivity of data as well as their turnover, should develop their own user verification mechanism.

An independent regulator Data Protection Agency (DPA) will oversee assessments and audits and definition making.

Each company will have a Data Protection Officer (DPO) who will liaison with the DPA for auditing, grievance redressal, recording maintenance and more.

The bill also grants individuals the right to data portability, and the ability to access and transfer one’s own data.

The right to be forgotten: this right allows an individual to remove consent for data collection and disclosure.

 

Why does data protection matter?

With a population of over a billion, there are about 500 million active web users and India’s online market is second only to China. 

Large collection of information about individuals and their online habits has become an important source of profits. It is also a potential avenue for invasion of privacy because it can reveal extremely personal aspects. Companies, governments, and political parties find it valuable because they can use it to find the most convincing ways to advertise to you online.

Besides, presently, there are no laws on the utilisation of individual information and forestalling its abuse, even though the Supreme Court maintained the right to privacy as a fundamental right back directly in 2017.

 

How is data handled?

Data is collected and handled by entities called data fiduciaries.

While the fiduciary controls how and why data is processed, the processing itself may be by a third party, the data processor.

The physical attributes of data — where data is stored, where it is sent, where it is turned into something useful — are called data flows.

 

Why there are Concerns over the bill?

The bill is like a two-sided sword. While it protects the personal data of Indians by empowering them with data principal rights, on the other hand, it gives the central government with exemptions which are against the principles of processing personal data.

The government can process even sensitive personal data when needed, without explicit permission from the data principals.

 

Sources: the Hindu.