Last Day - Flat 70% + Extra 10% Discount On Pendrive / Android Courses. Call On : 9354229384, 9315859773, 9354252518, 9999830584

Current Affairs

Data protection Bill and its drawbacks

Date: 06 December 2019 Tags: Bills & Laws

Issue

The Personal Data Protection (PDP) Bill, 2019 has been approved by the Cabinet and is slated to be placed in Parliament this winter session. The Bill has three key aspects that were not previously included in a draft version, prepared by a committee headed by retired Justice B N Srikrishna.

 

Background

Data is any collection of information that is stored in a way so computers can easily read them. Data usually refers to information about your messages, social media posts, online transactions, and browser searches.

 

Details

  • Data is stored in a physical space similar to a file cabinet of documents, and transported across country borders in underwater cables. To be considered useful, data has to be processed and analysed.

  • Data is collected and handled by entities called data fiduciaries. While the fiduciary controls how and why data is processed, the processing itself may be by a third party, the data processor.

  • The physical attributes of data like where data is stored, where it is sent, where it is turned into something useful, are called data flows.

  • Data localisation arguments are premised on the idea that data flows determine who has access to the data, who profits off it, who taxes and who “owns” it.

Need for Protection

  • The large collection of information about an individual and his online habits has become an important source of profits, but also a potential avenue for invasion of privacy because it can reveal extremely personal aspects.

  • Companies, governments, and political parties find it valuable because they can use it to find the most convincing ways to advertise to online.

Highlights of Personal Data Protection Bill

  • The Bill trifurcates personal data. The umbrella group is all personal data, from which an individual can be identified.

  • Some types of personal data are considered sensitive personal data (SPD), which the Bill defines as financial, health, sexual orientation, biometric, genetic, transgender status, caste, religious belief, and more. Another subset is critical personal data.

  • The government at any time can deem something critical, and has given examples as military or national security data.

  • The approved Bill removes stipulation for storing copy of all personal data in India. It requires individual consent for data transfer abroad. Similar to the draft, however, the Bill still requires sensitive personal data to be stored only in India.

  • It can be processed abroad only under certain conditions including approval of a Data Protection Agency (DPA). The final category of critical personal data must be stored and processed in India.

  • The Bill mandates fiduciaries to give the government any non-personal data when demanded. Non-personal data refers to anonymised data, such as traffic patterns or demographic data.

  • The Bill also requires social media companies, which are deemed significant data fiduciaries, to develop their own user verification mechanism.

  • The Bill includes exemptions for processing data without an individual’s consent for “reasonable purposes”, including security of the state, detection of any unlawful activity or fraud, whistleblowing, medical emergencies, credit scoring, operation of search engines and processing of publicly available data. 

  • The Bill calls for the creation of an independent regulator DPA, which will oversee assessments and audits and definition making. Each company will have a Data Protection Officer (DPO) who will liaison with the DPA for auditing, grievance redressal, recording maintenance and more.

  • It also grants individuals the right to data portability, and the ability to access and transfer one’s own data. Finally, it legislates on the right to be forgotten. 

Importance of data localisation

  • Data localisation will help law-enforcement access data for investigations and enforcement.

  • Domestic-born technology companies, which store most of their data exclusively in India, support localisation. They have strongly argued that data regulation for privacy and security will have little teeth without localisation.

  • Many economy stakeholders say localisation will also increase the ability of the Indian government to tax Internet giants.

Arguments against the bill

  • Civil society groups have criticised the open-ended exceptions given to the government in the Bill, allowing for surveillance.

  • Even if the data is stored in the country, the encryption keys may still be out of reach of national agencies.

  • Protectionism may backfire on India’s own young start-ups that are attempting global growth, or on larger firms that process foreign data in India, such as Tata Consulting Services and Wipro.