Tuesday, 2 November 2021

Data Protection Bill 2019

 The genesis of this Bill lies in the report prepared by a Committee of Experts headed by Justice B.N. Srikrishna.

The committee was constituted by the government in the course of hearings before the Supreme Court in the right to privacy case (Justice K.S. Puttaswamy v. Union of India).

 

How does the bill seek to regulate data?

The bill constitutes 3 personal information types:

  1. Critical
  2. Sensitive
  3. General

 

Other Key provisions:

Data principal: As per the bill, it is the individual whose data is being stored and processed.

Social media companies, which are deemed significant data fiduciaries based on factors such as volume and sensitivity of data as well as their turnover, should develop their own user verification mechanism.

An independent regulator Data Protection Agency (DPA) will oversee assessments and audits and definition making.

Each company will have a Data Protection Officer (DPO) who will liaison with the DPA for auditing, grievance redressal, recording maintenance and more.

The bill also grants individuals the right to data portability, and the ability to access and transfer one’s own data.

The right to be forgotten: This right allows an individual to remove consent for data collection and disclosure.

 

Exemptions:

The Personal Data Protection (PDP) Bill 2019 has a contentious section 35, which invokes “sovereignty and integrity of India,” “public order”, “friendly relations with foreign states” and “security of the state” to give powers to the Central government to suspend all or any of the provisions of this Act for government agencies.

 

Why there are Concerns over the bill?

The bill is like a two-sided sword. While it protects the personal data of Indians by empowering them with data principal rights, on the other hand, it gives the central government with exemptions which are against the principles of processing personal data.

  • The government can process even sensitive personal data when needed, without explicit permission from the data principals

No comments: