Data Protection Bill: The important question of privacy

Because he will get access to personal data only in exceptional circumstances like national security, epidemic and natural calamities. Its purpose is to guarantee user consent as well as protect personal data.

In fact, after the release of the fourth draft of the bill, experts have started speculating that the new law in India will give a lot of powers to the government, but it is not as comprehensive in terms of guaranteeing security measures. On the other hand, the government argues that the objective is to create a comprehensive legal framework to govern the digital platform. Under this, legislation on the use of non-personal data to promote privacy (data privacy), security (cyber security), telecommunication regulation (telecom regulation) and innovation is included.

Relaxation in rules for new venture

The government is considering giving relaxation in some rules to the new venture starting its business in the proposed law. The aim is that innovation should not go out of the country due to following the rules. However, this exemption will be given to startups only for a certain period of time. The Ministry of Electronics and Information Technology (METY) is considering reforms in this bill.

This exemption may be limited to cases where some kind of data modeling is being done by the Startup for the development of its solution. The draft proposes to exempt only data interconnection and data processing units notified by the government to provide information about data collection, data sharing, data processing.

protection of personal data

According to the protocol, the consent of that person is necessary before collecting personal data. There is also a provision to impose penalty on those who use this data without consent, whether it is a person or a company. Activities such as accidentally making public, sharing, tampering with or destroying data would come under the purview of misuse.

In case of data being sent to other countries, the DPDP draft allows for storage and transmission in a ‘trusted’ jurisdiction and the government will have the right to define this jurisdiction. According to experts, this law will eliminate mandatory data localization rules, due to which there is a compulsion to store ‘very important’ data only in India.

Provisions in the European Union

The landmark General Data Protection Regulation (GDPR) law of the European Union has inspired around 160 countries around the world to enact such legislation. It is clearly designed with privacy in mind and mandates consent of an individual before its data can be used.

The GDPR focuses on a comprehensive data protection law for the use of personal data. It has been criticized for being too draconian and imposing too many obligations on organizations engaged in data processing, but is seen as a precedent for data protection laws around the world.

how will the regulator

The proposed data protection board would be independent and would not include any government official. This board will look into matters related to data protection. According to officials, it is not possible to violate the privacy of citizens through this law. The Bill spells out in very clear terms what are the exceptional circumstances under which the government can have access to personal data of Indian citizens – national security, pandemic, health care, natural calamity.

Just as freedom of expression is not absolute and is subject to reasonable restrictions, so is the right to data protection. The provisions from which entities notified by the government will be exempted relate to informing an individual about the purpose of data collection, collection of children’s data, risk assessment to public order, appointment of a data auditor, etc. The draft DPDP Bill also prohibits individuals from sharing unverified and false information with data management entities.

rights of government

The Bill gives broad powers to the government to exempt any of its agencies from compliance with this law. That is why various stakeholders have raised concerns that the government’s unfettered access to data can be misused. For example, in situations where data is used by government agencies in the name of law enforcement to crack down on protests.

The Data Protection Board of India will be given the responsibility of enforcing and monitoring the law. According to experts who work on issues such as digital rights and privacy, the independence of the board could be a problem, as the rules and organization of the data protection board will be decided by the government. Certainly there should be an independent board for this.

what do experts say

The National Data Governance has provisions to deal with confidential anonymous data, while the scope of the DPDP Bill is limited to personal data protection only. We have a National Data Governance Framework Policy for the entire non-personal and confidential data area. The scope of the DPDP Bill is limited to personal data protection.

• Rajeev ChandrasekharMinister of State, Electronics and Information Technology

This law empowers all government entities to be exempt from all provisions of this law. It is clear that this is an open invitation to the executive to act arbitrarily. The current draft has been prepared in favor of the government. The regulator would be merely a puppet of the government and would not have any independence.

• Justice BN Srikrishna, Former Supreme Court Justice