GS Paper 2
Syllabus: Government policies and issues arising out of it
Source: TH
Direction: Previously we have seen the key provisions of the new Bill. These are extra points and will help in understanding how the new Bill differs from its older version and data protection laws around the world.
Context: The draft Digital Personal Data Protection Bill, 2022, was recently opened by the Union Ministry of Electronics and IT (MeitY) for public comments.
How the 2022 Bill differs from its older version:
| 2022 Bill | 2019 Bill | Conclusion | |
| Personal data | Completely inapplicable to data processed manually | Only excluded data processed manually specifically by small entities | The new Bill provides a lower degree of protection |
| Data localisation | Relaxes data localisation rules and permits data to flow to certain global destinations, based on their data security landscape | Mandated enterprises to keep a copy of sensitive personal data within India and prohibited the transfer of critical personal data from the country | The new Bill made the changes to address the concerns expressed by IT firms |
| Regulation of social media and non-personal data | Drops provisions to regulate non-personal data (information that does not reveal the identity of an individual) and social media | Included | |
| The right to post-mortem privacy | Included | No such provision | It would allow the data principal (users) to nominate another individual in case of death or incapacity |
| Territorial application of the law | Excludes data processing by Indian data fiduciaries that collect and process personal data outside India, of data principals who are not located in India | Included | Impact statutory protections available for clients of Indian start-ups operating overseas, thus impacting their competitiveness |
| Penalty | The focus is more on financial penalties | Criminal conviction |
Data protection laws in other geographies:
- EU model:
- In the EU, the right to privacy is enshrined as a fundamental right, protecting an individual’s dignity and her right over the data she generates.
- The General Data Protection Regulation (GDPR), a comprehensive data protection law, has been criticised for being stringent, but it serves as the model for most legislation produced globally.
- US model: Privacy protection is largely defined as “liberty protection” focused on the protection of the individual’s personal space from the government.
- China model: New Chinese laws on data privacy and security gives Chinese data principals new rights as it seeks to prevent the misuse of personal data.
Conclusion: Though the new data protection bill of India is significantly simpler this time excluding non-personal data, it will require several modifications before it is practical.
Insta Links:
New draft digital data protection bill tabled for comments
Mains Links:
Q. Critically analyse the provisions of the Data protection bill. Mention the changes suggested by various committees on the data protection bill.
