Indian Personal Data Protection Bill 2018: Need of the digital era!

Posted bysathishhariharanPosted inUncategorized

Digital age:

 In the digital era, Technology is the major force transforming our lives. On one hand this has created huge opportunities, however on the other hand opened up various concerns such as data theft, eavesdropping, data misuse, cyberbullying to name a few.   Digitalization and urban lifestyle has resulted in increasing awareness about data privacy and protection of information shared amongst Indians, especially on digital platforms.

The Personal data protection bill:

 Untill now, privacy laws in india actually offers little protection against misuse of your personal information. It is currently governed by SPD Rules(Sensitive personal data and information 2011) which is not adequate for the current digital age.

  In 2017, a committee of experts formed under Shri B N Srikrishna, former supreme court judge to analyse various issues related to data protection in India and make specific suggestions related to the issue and suggest a draft data protection bill.  Committee has submitted its draft bill to the ministry of Electronics and information technology on 27 july 2018.

What is it:

The bill asserts the right to privacy as a fundamental right(as declared by supreme court) and unless the users have given their explicit consent, their personal data will not be shared or processed. Below are the key aspects of the bill

  • Privacy framework which gives Indians freedom to protect the data
  • All sensitive personal data, children data stored should be obtained by Consent
  • Applies to all business carried in India
  • Sensitive critical personal data should only be stored in India
  • One “mirror copy” is required to be retained in India if the processing of personal data is carried outside India
  • Maintaining transparency regarding general practices related to processing of sensitive personal data should be done by data fiduciary. Fiduciary should also follow principles of record keeping, data audit and data protection impact assessment.
  • Data protection authority of india will be established
  • Tough penalties for breach starting from 2-4 % of organisation’s global turnover or upto 15 crores.

Why is it important :

          Think of the recent admission by Facebook that the data of 87 million users, including 5 lakh Indian users, was shared with Cambridge Analytica. The very thought of personal data being used for unknown intentions, had sent ripples of fear across the globe.  

Authors views :

        If you are an ardent user of social media and digital apps, the bill if passed as an act will enable that data is collected only after your consent unlike pre-set or default consent forms that hardly give you a choice on sharing data.

       Very recently, the European Union had enacted the General Data Protection Regulation (GDPR) which establishes the right to privacy as one of the fundamental rights. It requires explicit consent from consumers for usage of their data. The Personal Data Protection Bill 2018 in India follows the implementation of the GDPR (General Data Protection Regulation) from EU and has taken cues from the legal frameworks in other countries.

       Even though the Indian bill lacks the consumer’s rights to demand deletion of the past personal data as like GDPR, this bill is a welcome move, which will enable organization to think data protection as a boardroom agenda and consumers having privacy as their fundamental rights.

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Design a site like this with WordPress.com
Get started