Daily Current Affairs : 4-August -2023

In the era of digital information, the protection of personal data has become a paramount concern. The Digital Personal Data Protection Bill, 2023, tabled by the Centre, is a significant step towards establishing guidelines for the collection and utilization of personal data belonging to Indian citizens. This essay delves into the key provisions and implications of the bill, comparing it with data protection models from around the world.

Ensuring Transparency and Accountability

The bill outlines comprehensive procedures for corporations and the government to collect and use personal data. It clearly defines the roles of ‘data fiduciaries’ (corporations) and ‘data principals’ (individuals) and necessitates data fiduciaries to:

  • Specify the purpose of data collection and usage.
  • Appoint a data protection officer and provide their contact information.
  • Grant users the right to modify or delete their personal data.
Stringent Fines for Data Protection

The bill proposes a fine structure ranging from ₹50 crore to ₹250 crore for companies failing to protect user data or meet disclosure requirements. These fines can be compounded for each violation, ensuring a strong deterrent against data breaches.

Establishment of Data Protection Board

To oversee the implementation of the bill, it paves the way for the establishment of the Data Protection Board of India. While the Union government will appoint its members, the board will play a crucial role in upholding data protection standards.

Alignment and Deviations from IT Act

One notable aspect is the omission of Section 43A of the Information Technology Act, 2000, which required compensation to users in case of mishandling of data. The bill justifies this removal by explaining that compensation through civil tort law would be a more appropriate legal route.

Exemptions and State Interests

The bill offers a range of exemptions for state entities, allowing data processing in the interest of national sovereignty, security, or fulfilling legal obligations. However, the bill exempts firms from disclosing data sharing in cases of lawful data interception.

Criticisms and Concerns

Several criticisms have been raised against the bill:

  1. Weak Regulator: Concerns about the potential weakening of the Data Protection Authority of India, which is meant to be the primary regulator, have been voiced.
  2. Autocratic Appointments: The authority given to the Centre to appoint members of the data protection board raises worries about undue influence.
  3. Chinese Model Resemblance: Some provisions, such as bypassing consent norms for national security reasons, have been compared to the Chinese data protection model.
Comparative Data Protection Models

Three major global data protection models are:

  1. EU Model: The General Data Protection Regulation (GDPR) focuses on comprehensive protection of personal data, with strong rights for individuals. It enshrines the right to privacy and personal data protection as fundamental rights.
  2. US Model: Privacy protection is seen as “liberty protection” from government intrusion. The US lacks a comprehensive framework, instead relying on sector-specific regulations.
  3. China Model: The Chinese Data Security Law (DSL) grants new rights to data principals, emphasizes categorization of data, and imposes stringent penalties for non-compliance, resembling the GDPR in certain aspects.

Important Points:

  • The Digital Personal Data Protection Bill, 2023, addresses concerns over the protection of personal data in the digital age.
  • It outlines procedures for collecting and using personal data of Indian citizens by corporations and the government.

Transparency and Accountability

  • The bill defines roles of ‘data fiduciaries’ (corporations) and ‘data principals’ (individuals).
  • Data fiduciaries must specify data collection purpose, appoint a data protection officer, and grant users the right to modify or delete personal data.

Stringent Fines

  • Proposed fines range from ₹50 crore to ₹250 crore for failure to protect user data or disclose data usage.
  • Compounded fines can be imposed for repeated violations, serving as a deterrent against data breaches.

Data Protection Board

  • The bill lays the groundwork for the establishment of the Data Protection Board of India.
  • Board members will be appointed by the Union government to oversee data protection implementation.

Alignment and Deviations from IT Act

  • Section 43A of the Information Technology Act, 2000, requiring compensation for mishandling data, is omitted.
  • Compensation will follow civil tort law procedures instead of being part of the bill.

Exemptions and State Interests

  • Exemptions allow data processing for national sovereignty, security, and legal obligations.
  • Firms are not required to disclose data sharing for lawful data interception.

Criticisms and Concerns

  • Concerns over weakening the Data Protection Authority of India’s regulatory power.
  • Worries about autocratic appointments to the data protection board by the Centre.
  • Comparisons to the Chinese data protection model due to certain provisions.

Comparative Data Protection Models

  • EU Model: GDPR ensures comprehensive personal data protection as a fundamental right.
  • US Model: Privacy protection as “liberty protection,” lacks a comprehensive framework.
  • China Model: Data Security Law grants new rights, emphasizes data categorization, and imposes penalties.
Why In News

The Centre tabled the much-anticipated Digital Personal Data Protection Bill, 2023, aiming to fortify the safeguarding of individuals’ sensitive information in an increasingly interconnected digital landscape. This pivotal step underscores the government’s commitment to ensuring comprehensive data privacy regulations for the modern era while addressing emerging challenges in the digital realm.

MCQs about Digital Data Protection Bill 2023

  1. What is the primary purpose of the Digital Personal Data Protection Bill, 2023?
    A. To establish fines for companies involved in data breaches.
    B. To provide exemptions for state entities from data protection regulations.
    C. To outline procedures for collecting and using personal data while safeguarding user rights.
    D. To appoint members to the Data Protection Board of India.
    Correct Answer: C. To outline procedures for collecting and using personal data while safeguarding user rights.
    Explanation: The primary purpose of the bill is to outline procedures for data collection and usage while ensuring transparency, accountability, and user rights.
  2. Which of the following is NOT a requirement for data fiduciaries under the Digital Personal Data Protection Bill?
    A. Specifying the purpose of data collection
    B. Appointing a data protection officer
    C. Granting users the right to modify any collected data
    D. Providing contact information of the data principal
    Correct Answer: C. Granting users the right to modify any collected data
    Explanation: The data fiduciaries must specify the purpose of data collection, appoint a data protection officer, and grant users the right to delete or modify their personal data.
  3. How does the Digital Personal Data Protection Bill, 2023, compare to the European Union’s GDPR?
    A. The Indian bill grants more exemptions for data processing.
    B. Both bills focus on liberty protection against government intrusion.
    C. The Indian bill emphasizes comprehensive data protection rights for individuals.
    D. Both bills allow fines up to 10% of a company’s turnover for violations.
    Correct Answer: C. The Indian bill emphasizes comprehensive data protection rights for individuals.
    Explanation: The Indian bill, similar to the EU’s GDPR, focuses on comprehensive data protection rights for individuals.

Boost up your confidence by appearing our Weekly Current Affairs Multiple Choice Questions

Loading