Focus: GS-II Governance, GS-III Science and Technology
Why in news?
Ministry of electronics and IT decided to block access to 59 Chinese mobile apps – by invoking the exception clause relating to sovereignty under IT Act.
The MeitY order specifically refers to the mining, profiling and unauthorised use of personal data, amongst other concerns.
The instant ban is yet another call for having a functionally robust Data Protection Authority (DPA).
The Personal Data Protection Bill and the DPA
- The Personal Data Protection Bill, 2019 entrusts the DPA with the mammoth task of protecting the right to privacy of 1.3 billion Indians by regulating approximately 600 million entities, including the proliferating digital ecosystem of both the government of India and the states.
- As opposed to a sectoral regulator like SEBI, IRDA, TRAI etc, it is a sector agnostic body and has wide powers cutting across different sectors and economic spheres with powers to penalise not only both central and state governments but also other fourth branch watchdogs such as Comptroller and Auditor General of India and the Election Commission and even more significantly, the legislature and judiciary itself.
- For impartial and effective discharge of its crucial role, there is a need for the DPA to have sufficient capability to discharge its functions.
- The independence of the DPA is the foremost criterion for meeting such a requirement and a necessary prerequisite for a free and fair cross border transfer of data.
Some Concerns and Pointers
- Under the bill, the Centre has the power to notify categories of ‘sensitive personal data’ in consultation with the DPA and sectoral regulators concerned. Such powers should vest solely with DPA as it is the primary rule making body under the bill and must remain at more than an arm’s length from the government.
- The Centre is empowered under the bill to issue binding directions to the DPA without any prior consultation with it. This may adversely affect the functional autonomy of the body.
- While the power to notify certain large data fiduciaries as ‘significant data fiduciaries’ rests solely with the DPA, the Centre has been given the power (in consultation with the authority) to notify social media intermediaries as significant data fiduciaries, thereby diluting DPA’s power.
- A single centralised body as conceptualised now may not even be able to functionally discharge its responsibilities of safeguarding every citizen’s right to privacy and preventing any harm to him, but a decentralised body will pave the way for an efficient, agile and flexible DPA.
- The DPA may need to be constituted as a collegial body with a combination of full-time, part-time and independent members from judiciary, civil society and persons of ability, integrity and standing in the field of data protection, technology and regulation.
- Considering the brisk pace of change in the field of technology and data sciences, increasing DPA’s capacity, both qualitatively and quantitatively, in this area is a crucial imperative.
- To gain much needed public trust and make enforcement effective – the DPA has to subject itself to the requirements under the RTI Act.
- The bill confers absolute discretion to the Centre for deciding the number of adjudicating officers, the manner and term of their appointment and jurisdiction – thus there are concerns regarding issues of independence, conflict of interest and bias.
-Source: Times of India