Business

Data Protection Bill | Where India Stands On Data Protection And Why We Need It

One of the recommendations by the Joint Parliamentary Committee to the final draft of the Bill is the inclusion of non-personal data within its scope which will expand its🤡 purview.

Data Protection Bi🐈ll | Where India Stands On Data Protection And Why We Need It
info_icon

After almo🧔st two years of deliberations, the spotlight is back on the Personal Data Protection Bill, 2019 against the backdrop of the Parliamꦑent’s ongoing winter session.

A 30-member Joint Parliamentary Comm꧃ittee (JPC), headed by BJP MP PP Chaudhary, tabled its report with recommendations to the Bill in the two houses of the Parliame♔nt on Thursday.

While privacy advocates have been opposing the Bill, some Opposition MPs, too, have flagged concerns through their dissent notes. Let’s take a look at where we stand, the road ahead and why India needs a law to protect൩ data.

How is personal data regulated currently?

At present, the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, which falls under the Information Technology Act, 2000, is used to protect personal data. The rules state that in case of any negligence in maintaining security standards while dealing with the data, compan🧸ies using the data will be held liable for compensation.

The IT Act, however, is full of loopholes with respect to the regulation of sensitive personal data, the ability to override some of the provisions by a contract and the Act being applicable only to the companies,💖 not to the government or any other foreign entity.

The new Bill looks to cover those.

What does the Bill and JPC recommendations entail?

The Bill ಌwas first proposed by the government back in 201🦩8. It was introduced in the Lok Sabha in 2019 by former Union Minister Ravi Shankar Prasad. Since then, several changes have been made to the original draft.

One of the recommendations by the JPC to the final draft of the Bill is the inclusion of non-personal data within its scope. Tha𒆙t would chang𓆉e the nature of the Bill from personal data protection to just data protection.

The JPC recommends considering all social media platforms as publishers and to hold them accountable for the content on their platform. These platforms will also have to set up their offices in India and a statutory regulatory authority, on the lines of the Press
Council of India, will be established.

Its other recommendations include setting up an alternative to the i🐭nternationally accepted SWIFT payment system and handing the government wide-ranging powers like exempting any company from the application of the law.

The draft is also said to have regulations for organisations that deal only with children's data which say that they’ll have to register with the Data Protection Authority (DPA)—a regulatory body that will have the authority to decide how various aspects of the
law will be implemented.

How will compliance work?

As per the Bill, an individual whose personal data is being processed will be referred to as data principal and the entity or individual who decides the means and purposes of data processing will be known as data fiduciary. The registration of data fiduciaries
starts within nine months and the appellate tribunal will begin work within 12 months of the﷽ notification of the Act.

The JPC has said that the DPA will commence its operations wi﷽thin six months and thel provisions of the Bill will be implemented no later than 24 months from notification.

The DPA will consist of members who are experts in fields such as data protection and information technology. Any person who is unsatisfied with the redressal by the data fiduciary can appeal to the DPA. Furthermore, orders of the DPA can appeal to an Appellate
Tribunal and appea𝔉ls fr💛om the Tribunal will go to the Supreme Court.

Since it isn’t possible to differentiate between personal and non-personal data when dealing with mass data, the committee has said that there should be only one DPA who deals with privacy and personal data as well as non-personal data. “To avoid contradiction, confusion,
and m🙈ismanagement, a single administration and regulatory body is necessitated,” ꧑the committee said in the report.

It further states that if there is a data leak, the DPA is to be notified within 72 hours of the company becoming aware of the breach. The DPA shall then “take into account the personal data breach and the severity of harm that may be caused” to the persons whose
d🌳ata has been leaked and accordingly ask the company to report it and “take appropriate remedial measures”.

If the data fiduciary does not take prompt actions or does not follow the regulations laid down or does not appoint a data protection officer as per the rules, it could attract a penalty of up to Rs 5 crore or 2 per cent of the total worldwide turnover of the
preceding financial year, whichever is higher.

In addition to that, any entity violating the regulation for processing personal data or data of children or even transferring data outside India against the prescribed rules shall be liable to a fine of up to Rs 15 crore or 4 per cent of its total worldwide turnover
of the preceding financial 🌱year, whichever💯 is higher.

There are provisions laid down for government departments as well. In case of any offense, the head of the department is to first conduct an inꦗ-house probe to rule out those responsible for the said violation and only then will the liability be decided.

If somebody intentionally and without the consent of data fiduciary re-identifies personal data which has been de-identified, a jail term of up to 3 year💫s or a fine of up to Rs 2 lakh or 𒐪both shall be imposed.

However, even🧸 though a timeline has been laid down with regards to the implementation of the Bill, it is possible that it could get pushed to the next Parliamentary session due to time shortage.

Why is the Bill important for India?

India is advancing as a digital economy and needs a 🧔vigorous data protection law to safeguard the privacy of its citizens.

As there is no proper data protection regulation in place, it is hard to tell what rights citizens have, rendering the fundamental right to privacy largely meaningless. A data protection law will provide a legal basis to the citizens’ entitlement as it will help
i🍰n describing the extent of the fundamental right to privacy as well as what 📖data fiduciaries, who gather personal data, can and cannot do with it.

Furthermore, personal data includes potentially sensitive information such as phone numbers, addresses, religious beliefs, political opinions and so on. R⛎ight now, there are no regulations in place that stop companies from storing these datasets.

The companies are also not responsible if sensitive information like browsing patt𒆙erns and online behaviors, often stored without taking the consent of the u🐓sers, is leaked. This Bill will, therefore, have safeguards against the exploitation of such data.

Today Sports News

Trending Stories

Latest Stories
  1. Daily Horoscope For Today, October 19, 2024: Astrological Forecasts Forꦯ Each Zodiac Sign
  2. India Vs New Zealand♐, 1st Test Day 4 Highlights: Hosts Need To Defend 107 Before Bad Light Stop🌼s Play; IND - 46, 462; NZ - 402, 0/0
  3. Weekly Horoscope For October 20th To October 26th: Unlock The Astrological Predictions F▨or Every Zodiac Sign
  4. IND Vs NZ, 1st Test: Sarfar🌳az, Panꦐt Deliver Goods Before India Collapse To Set Kiwis 107-Run Target
  5. Yahyꦰa Sinwar Death: Who Will Head Ham☂as Next? | The Possible Successors
  6. Canadian Border Cop Named In India's Terror List; Ottawa Minister's 'On Notice' Warning To Diplomats | Latest
  7. Bhutan Vs Thailand Quadrangular T20I Series 2024 Toss Update: BHU To Bowl Fi𒀰rst - Check Playing XIs
  8. Cuba Suffers Nationwide Blackout As Its Main Power Plant Faiꦡls