Call Us Now

+91 9606900005 / 04

For Enquiry

legacyiasacademy@gmail.com

WHY THE PERSONAL DATA PROTECTION BILL MATTERS?

Context:

The number of personal data breaches from major digital service providers has increased worryingly in the same period as the pandemic has forced more people to participate in the digital economy.

The Personal Data Protection Bill, 2019, now under scrutiny by a Joint Parliamentary Committee, could play a big role in providing robust protections to users and their personal data.

Relevance:

GS-III: Internal Security Challenges (Cyber Security, Government Policies & Interventions, Internal security challenges through communication networks)

Mains Questions:

What is need for India to have a robust data protection regime? To what extent does the Personal Data Protection Bill, 2019 address the issues? Critically examine. (15 Marks)

Dimensions of the Article:

  1. Significance of Data
  2. Personal Data Protection Bill 2019
  3. Advantages of the changes
  4. Issues with the bill
  5. Data Protection Authority (DPA): The solution?
  6. Broad Mandate of the DPA, a problem

Significance of Data

  • Data is the large collection of information that is stored in a computer or on a network.
  • Data is collected and handled by entities called data fiduciaries.
  • While the fiduciary controls how and why data is processed, the processing itself may be by a third party, the data processor.
  • This distinction is important to delineate responsibility as data moves from entity to entity. For example, in the US, Facebook (the data controller) fell into controversy for the actions of the data processor — Cambridge Analytica.
  • The processing of this data (based on one’s online habits and preferences, but without prior knowledge of the data subject) has become an important source of profits for big corporations.
  • Apart from it, this has become a potential avenue for invasion of privacy, as it can reveal extremely personal aspects.
  • Also, it is now clear that much of the future’s economy and issues of national sovereignty will be predicated on the regulation of data.
  • The physical attributes of data — where data is stored, where it is sent, where it is turned into something useful — are called data flows. Data localisation arguments are premised on the idea that data flows determine who has access to the data, who profits off it, who taxes and who “owns” it.

Personal Data Protection Bill 2019

  • The Personal Data Protection Bill 2019 (PDP Bill 2019) is being analyzed by a Joint Parliamentary Committee (JPC) in consultation with experts and stakeholders.
  • The Bill covers mechanisms for protection of personal data and proposes the setting up of a Data Protection Authority (DPA) of India for the same.
  • Some key provisions the 2019 Bill provides for which the 2018 draft Bill did not, such as that the central government can exempt any government agency from the Bill and the Right to Be Forgotten, have been included.
  • The Bill proposes “Purpose limitation” and “Collection limitation” clause, which limit the collection of data to what is needed for “clear, specific, and lawful” purposes.
  • It also grants individuals the right to data portability and the ability to access and transfer one’s own data. It also grants individuals the right to data portability, and the ability to access and transfer one’s own data.
  • Finally, it legislates on the right to be forgotten. With historical roots in European Union law, General Data Protection Regulation (GDPR), this right allows an individual to remove consent for data collection and disclosure.

The Bill trifurcates data as follows:

  1. Personal data: Data from which an individual can be identified like name, address etc.
  2. Sensitive personal data (SPD): Some types of personal data like as financial, health, sexual orientation, biometric, genetic, transgender status, caste, religious belief, and more.
  3. Critical personal data: Anything that the government at any time can deem critical, such as military or national security data.

Advantages of the changes

  • Data localisation can help law-enforcement agencies access data for investigations and enforcement.
  • As of now, much of cross-border data transfer is governed by individual bilateral “mutual legal assistance treaties”.
  • Accessing data through this route is a cumbersome process and also instances of cyber-attacks and surveillance can be checked easily.
  • Social media is being used to spread fake news, which has resulted in lynchings, national security threats, which can now be monitored, checked and prevented in time.
  • Data localisation will also increase the ability of the Indian government to tax Internet giants.
  • A strong data protection legislation will also help to enforce data sovereignty.

Issues with the bill

  • The current draft requires the DPA to maintain a cadre of adjudicating officers and specifies their desired areas of expertise.
  • All other important details, like the terms of appointment, jurisdictional scope, and procedure for hearings, are, however, left to be decided by the central government.
  • The Bill doesn’t even specify whether the adjudication process can, or should, be preceded by mediation, which could help in the amicable settlement of many complaints.
  • Many contend that the physical location of the data is not relevant in the cyber world. Even if the data is stored in the country, the encryption keys may still be out of reach of national agencies.
  • National security or reasonable purposes are an open-ended terms, this may lead to intrusion of state into the private lives of citizens.
  • Technology giants like Facebook and Google have criticised protectionist policy on data protection (data localisation).
  • Protectionist regime supress the values of a globalised, competitive internet marketplace, where costs and speeds determine information flows rather than nationalistic borders.
  • Also, it may backfire on India’s own young startups that are attempting global growth, or on larger firms that process foreign data in India.

Data Protection Authority (DPA): The solution?

  • One of the many important duties cast on the Data Protection Authority (DPA) that is to be created under the Bill is to adjudicate complaints received from data principals — individuals whose personal data is processed by others.
  • The DPA is set to function as what the Financial Sector Legislative Reforms Commission (FSLRC) termed as a “mini-state”. This refers to an agency that is entrusted with a mix of quasi-legislative (regulation-making), executive (supervision and enforcement), and quasi-judicial (adjudication) functions.
  • It comes with the risk that, absent structural safeguards, the agency might end up abusing or, conversely, neglecting some of its functions. A carefully-crafted regulatory design and robust accountability mechanisms are, therefore, essential.

Broad Mandate of the DPA, a problem

  • Unlike other sectoral regulators that oversee specific businesses, the DPA’s authority will extend to anyone who deals with personal data.
  • This may include individuals, private entities or any department or agency of the state.
  • Further, since each data principal is party to multiple online and offline relationships, the universe of regulated transactions becomes even larger.
  • Even a miniscule 0.5% rate of complaints out of the total shares of personal data will result in more than 10 million cases in a year. A caseload of this sort would be daunting for any agency.
  • As a consequence, the DPA may either be overwhelmed by the volume of complaints or may grossly under-prioritise this aspect, resulting in delays, erosion of trust and poorer outcomes.

-Source: The Hindu

Recent Posts
April 2024
MTWTFSS
1234567
891011121314
15161718192021
22232425262728
2930 
Categories
Tags
Biodiversity Budget Disaster management Diseases Economic Development Economic Survey Education GS-1 Art and Culture GS-1 Geography GS-1 History GS-1 Indian Society GS-2 Agriculture GS-2 Bilateral GS-2 Environment and Ecology GS-2 Executive and judiciary GS-2 Geography GS-2 Governance GS-2 Health GS-2 Indian Constitution GS-2 Indian Economy GS-2 International Relations GS-2 Polity and Constitution GS-2 Social Justice GS-2 Welfare Schemes GS-3 Agriculture GS-3 Disaster Management GS-3 Environment and Ecology GS-3 Food Processing GS-3 Growth and Development GS-3 Indian Economy GS-3 Industry and Infrastructure GS-3 Internal Security GS-3 Science and Technology GS2 GS 3 International Relations History Optional Strategy Indian economy International Institutions Motivation PIB Preparation Strategy for History Optional Sociology Optional Strategy Space Technology Welfare Schemes Women Empowerment
Enquire Now

About

Legacy IAS Academy (LIA) is a well-known name for IAS Preparation in Bangalore. LIA is a group of experienced faculties, which included retired IAS/IPS/IRS officers, Academics, and extraordinary tutors from trusted Institutes in India.

Newsletter

Stay updated with our latest analysis on Daily Current affairs from the Hindu, Indian Express and other leading newspapers along with our PIB and Editorial Summaries.
Register now and be a part of the clan to not miss even a single update on getting one step closer to your dreams!

    Facebook Twitter Youtube Instagram Telegram

    Contact us

    Legacy IAS Academy – Drive Location 

    Address: #1535, 39th Cross Rd, Kottapalya, 4th T Block East, Jayanagara 9th Block, Jayanagar, Bengaluru, Karnataka 560041

    Phone: +91 9606900005 /04

    Email:  legacyiasacademy@gmail.com

                  info@legacyias.com

    Legacy IAS Academy © 2019-2024 All Rights Reserved.