Right To Privacy

Data protection bill in new Avatar: protecting privacy rights

Note4Students

From UPSC perspective, the following things are important :

Prelims level: NA

Mains level: Important aspects of the Data protection bill

Data protection

Context

  • On November 18th Government released the fourth iteration of the data privacy legislation: The Digital Personal Data Protection Bill, 2022 (Bill).

Click and get your FREE Copy of CURRENT AFFAIRS Micro Notes

Background: Evolution of Demand for the data protection

  • The journey towards data protection legislation began in 2011 when the department of Personnel and Training initiated discussions on the Right to Privacy Bill, 2011.
  • The major fillip to the data protection case was given by the K. Puttuswamy judgment, 2017 where the supreme court held the “Right to privacy” as a fundamental right under Article 21- right to life and personal liberty.
  • After the Puttaswamy judgment, the government-appointed B.N Srikrishna committee the drafting of a law for data protection and privacy. This led to the Justice B.N. Srikrishna committee report which later on led to the Personal Data Protection Bill of 2019.

Data Protection

Two major stakeholders of the Legislation Data principles and data Fiduciary

  • Data Principle: Data principles refers to the subject whose data is being processed. While the Bill lists the “duties” of the Data Principals, these have no bearing on the realisation of the rights provided by the Bill.
  • Data Fiduciary: It is an entity that processes this data. The drafters of the Bill seem to be affirming that the Data Fiduciary is responsible for safeguarding the interests of Data Principals.
  • What is Data Fiduciary: The use of the term, “fiduciary” whilst referring to a data processor is significant. In different spheres of the law, when one party owes a “fiduciary” duty towards another a trustee, beneficiary, guardian or ward, the relationship between the two is guided by trust, assurance and good faith.
  • Obligations of data fiduciaries towards data principles: In line with this philosophy, the rest of the Bill describes the obligations of the Data Fiduciaries towards Data Principals, the rights and duties of the latter and the regulatory framework through which data will be processed.

Two noteworthy aspects of the Bill

  1. Bill outlined the category of Data fiduciaries: In addition to the general obligations to prevent the misuse of the personal data of individuals, the Bill has outlined a category of Significant Data Fiduciaries, entities that are required to comply with additional measures to safeguard the personal data of individuals.
  • Why is this distinction being necessary: This distinction is essential as only companies that process vast amounts of data or have a potential impact on the country’s sovereignty and integrity need to take such stringent measures. Such measures reduce the compliance cost of companies that are at a nascent stage.
  1. Relaxing Data localisation norms: Onerous provisions on “data localisation” in the previous versions of the Bill, which mandated companies to store user data only within India, have been omitted.
  • How this move will maintain balance: The reworked Bill permits the government to notify countries to which data transfers may be permitted. This is a major respite for several tech companies, who have long talked about the infeasibility of the data localisation provisions. A balance has now been struck between the legitimate concerns of businesses and the protection of personal data of individuals.

Data Protection

Where else does this bill need attention?

  • Focus remains only on the nature and gravity of the violation: While the Bill is, by and large, comprehensive. Section 25 and Schedule I, that deal with penalties, require elaboration. Section 25 refers to the quantum of financial penalty that must be imposed on a person guilty of non-compliance in matters related to detail. The focus remains only on the nature and gravity of the violation. The proposed legislation does not consider the financial ranking of a company before imposing penalties.
  • The bill must take financial ranking of the company in consideration: The Bill must ensure that the penalties imposed are proportionate to the size and operations of a company, to be effective, fines must not drive companies into economic loss.
  • For instance: A leaf can be taken from the European Union’s General Data Protection Regulation (GDPR), amongst other similar regulations, which levies penalties in accordance with the total turnover of companies.

Data Protection

What makes this bill distinct and comprehensive?

  • Promoting cooperation: The Bill safeguards individual data, whilst also promoting cooperation between data fiduciaries and the government.
  • As per the India’s requirements: While it draws upon the best practices of foreign jurisdictions, such as Europe and Australia, it has been drafted in a manner that is tailor-made to India’s requirements.
  • Exemptions are restrictive: Even the exemptions granted to the Centre are extremely restrictive and in sync with past judicial precedents and Article 19(2) of the Constitution.
  • Significant shift in drafting legislation: The Bill marks a significant shift in the manner of drafting legislation. Historically, comprehending a piece of legislation in India has usually been akin to the membership of an exclusive club only legal practitioners, policy professionals and a handful of politicians are able to understand and interpret laws.
  • Ensures simplification and accessibility to ordinary citizens: This Bill marks a transition from legalese to legal simplification, it realises that it is in our best interests to ensure that all laws especially legislation that have a significant impact on citizens are made accessible to all individuals irrespective of their professional or educational standing.

Conclusion

  • The Bill safeguards individual data, whilst also promoting cooperation between data fiduciaries and the government. While it draws upon the best practices of foreign jurisdictions, it has been drafted in a manner that is tailor-made to India’s requirements. Exemptions granted to the Centre are extremely restrictive.

Mains Question

Q. What are the salient aspects of the Digital Personal Data Protection Bill? Discuss what makes it unique and inclusive.

(Click) FREE1-to-1 on-call Mentorship by IAS-IPS officers | Discuss doubts, strategy, sources, and more

Get an IAS/IPS ranker as your 1: 1 personal mentor for UPSC 2024

Attend Now

Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments

JOIN THE COMMUNITY

Join us across Social Media platforms.

💥Mentorship December Batch Launch
💥💥Mentorship December Batch Launch