Daily Current Affairs : 6-July-2023
The Digital Personal Data Protection Bill, 2022, is a significant component of the comprehensive technology regulations framework being developed by the Indian government. It aims to protect the personal data of individuals in the digital realm, both within India and in cases where data processing occurs outside the country but relates to Indian individuals. This essay delves into the key features of the bill, its implications, and the arguments for and against its implementation.
Key Highlights of the Bill
Applicability
The bill applies to the processing of digital personal data within India, including data collected online or offline that is subsequently digitized. It also extends its reach to data processing outside India if it involves offering goods or services or profiling individuals within the country.
Definition
Personal data is defined as any information about an identifiable individual. Processing refers to the automated operations performed on digital personal data, encompassing collection, storage, use, and sharing.
Consent
Processing of personal data is allowed only for lawful purposes with the consent of the individual. Consent may be deemed given in various situations, such as when it is necessary for the performance of a legal function, provision of a service or benefit, or for specified public interest purposes like national security and fraud prevention. In the case of individuals below 18 years of age, consent must be provided by their legal guardian.
Rights and Duties of Data Principals
Data principals, i.e., individuals whose data is being processed, are granted several rights. These include the right to obtain information about the processing, seek correction and erasure of personal data, nominate another person to exercise their rights in case of death or incapacity, and access a grievance redressal mechanism. However, they must also fulfill certain duties, such as refraining from registering false or frivolous complaints and providing accurate information.
Obligations of Data Fiduciaries
Data fiduciaries, the entities responsible for determining the purpose and means of processing, are required to ensure the accuracy and completeness of data, establish reasonable security safeguards against data breaches, and promptly delete personal data once its purpose has been fulfilled. However, government entities are exempt from the storage limitation requirement.
Transfer of Personal Data Outside India
The bill mandates that the central government notify countries to which data fiduciaries may transfer personal data. Transfers must adhere to prescribed terms and conditions to safeguard data privacy.
Exemptions
Certain exemptions from the bill’s provisions are allowed, including cases involving the prevention and investigation of offenses and the enforcement of legal rights or claims. The central government holds the power to exempt specific activities from the bill’s application, such as processing by government entities for reasons of national security and public order, research, archiving, or statistical purposes.
Data Protection Board of India
The bill establishes the Data Protection Board of India, responsible for monitoring compliance, imposing penalties, directing measures in the event of data breaches, and addressing grievances from affected individuals. The board’s composition, selection process, and terms and conditions of service will be determined by the central government.
Arguments for the Bill
Easy Enforcement of Laws
The bill’s emphasis on data localization enables law enforcement agencies to access data for investigations and enforcement. It replaces the existing reliance on bilateral “mutual legal assistance treaties” for cross-border data transfer. Additionally, data localization benefits local companies that store data exclusively in India and allows the government to regulate and tax internet giants more effectively.
Arguments against the Bill
Concerns Regarding the Right to Information
Critics have raised concerns about an amendment to the Right to Information Act, 2005 within the Digital Personal Data Protection Bill. This amendment restricts government departments from sharing personal information, potentially impeding public accountability and the ability to hold public officeholders responsible.
Appointment of Board Members by the Center
Another point of contention revolves around the central government’s control in appointing members of the Data Protection Board. Critics argue that this could undermine the board’s independence, as the chief executive will also be appointed by the central government, along with determining their terms and conditions of service.
Comparison with Other Countries
When comparing India’s Digital Personal Data Protection Bill with similar legislation globally, some key differences emerge:
EU Model (GDPR)
The General Data Protection Regulation (GDPR) focuses on comprehensive data protection laws and has been criticized for its stringent requirements and numerous obligations imposed on data processing organizations.
US Model
Privacy protection in the United States centers on “liberty protection,” primarily safeguarding individuals’ personal space from government intrusion. This model allows for the collection of personal information as long as individuals are informed of such practices.
China Model (PIPL)
China’s Personal Information Protection Law (PIPL) grants Chinese data principals new rights to prevent the misuse of personal data, highlighting its commitment to data privacy.
Important Points:
- The Digital Personal Data Protection Bill, 2022 is a crucial part of India’s technology regulations framework.
- The bill applies to the processing of digital personal data within India and data processing outside India related to Indian individuals.
- Entities collecting personal data, known as data fiduciaries, are required to maintain data accuracy, security, and delete data after its purpose is fulfilled.
- Violations of the bill can be brought to the data protection board, which can decide on penalties and settlements.
- The bill draws inspiration from the EU’s General Data Protection Regulation and specifies norms for managing personal data and obtaining explicit consent.
- Key highlights of the bill include its applicability, definition of personal data and processing, consent requirements, rights and duties of data principals, obligations of data fiduciaries, and regulations on the transfer of personal data outside India.
- Arguments in favor of the bill include easy enforcement of laws and support for local companies.
- Concerns raised against the bill include potential limitations on the right to information and central government control over the appointment of board members.
- Comparisons with other countries reveal differences in approaches to data protection, such as the EU model (GDPR), US model, and China model (PIPL).
- The bill’s implementation will play a significant role in shaping India’s digital landscape and ensuring data protection and privacy in the evolving technological era.
Why In News
The Digital Personal Data Protection Bill, 2022, a highly anticipated piece of legislation, is slated to be presented for discussion during the upcoming Monsoon Session in Parliament. If passed, the bill will introduce comprehensive measures aimed at safeguarding individuals’ personal data in the rapidly evolving digital landscape.
MCQs about The Digital Personal Data Protection Bill
-
What is the primary purpose of the Digital Personal Data Protection Bill, 2022?
A. To regulate technology companies
B. To protect personal data in the digital realm
C. To promote data localization
D. To impose financial penalties on data fiduciaries
-
Which entity is responsible for determining the purpose and means of data processing?
A. Data fiduciary
B. Data principal
C. Data protection board
D. Central government
-
What are the key functions of the Data Protection Board of India?
A. Monitoring compliance and imposing penalties
B. Directing data fiduciaries in case of data breaches
C. Addressing grievances from affected individuals
D. All of the above
-
Which model of data protection is characterized by a focus on “liberty protection”?
A. EU model (GDPR)
B. US model
C. China model (PIPL)
D. None of the above
Boost up your confidence by appearing our Weekly Current Affairs Multiple Choice Questions
