Home Articles The Future Course of Personal Data Protection Bill

The Future Course of Personal Data Protection Bill

24
0

Since the personal data protection bill is expected to be tabled in the Indian Parliament this summer, it needs to be seen how the bill stands the test of time. Read on to know more about it…

The Personal Data Protection Bill is expected to be tabled in the Indian Parliament this summer. Back in July last year, retired Indian Supreme Court Justice BN Srikrishna -led committee, formed with the idea to create a powerful data protection law in India, has submitted its draft bill to the Ministry of Electronics and Information Technology (MEITY). This submission in July came after a year of consultations with various stakeholders, but it has been status quo since. There were great expectations from the recommendations of this committee, particularly after the European Union General Data Protection Regulation (GDPR) came into force in May last year. The draft bill, titled Personal Data Protection Bill, 2018 is important because of the increasing ambiguity over how a user’s data is protected, which still persists, when there is a greater push towards online services including by the government.

The Bill
The personal data protection bill states that “Any person processing personal data owes a duty to the data principal to process such personal data in a fair and reasonable manner that respects the privacy of the data principal.” Any and all personal data that is collected must be processed only for purposes that are clear, specific and lawful. The Data Protection Bill, 2018 also clarifies after any personal data is collected, it must be processed only for the purpose it was collected for in the first place.

For the data collection to be valid and legal, the Data Protection Bill, 2018 states that it is “free, having regard to whether it meets the standard under section 14 of the Indian Contract Act, 1872 (9 of 1872); informed, having regard to whether the data principal has been provided with the information required under section 8; specific, having regard to whether the data principal can determine the scope of consent in respect of the purposes of processing; clear, having regard to whether it is indicated through an affirmative action that is meaningful in a given context; and capable of being withdrawn, having regard to whether the ease of such withdrawal is comparable to the ease with which consent may be given” The most important aspect of this clause perhaps is the last part, which talks about making it easy for the original owner of the data, that is you and I, to be able to withdraw the data that we may have shared in the first place, for whatever reason we may want to.

“The data fiduciary shall not make the provision of any goods or services or the quality thereof, the performance of any contract, or the enjoyment of any legal right or claim, conditional on consent to processing of any personal data not necessary for that purpose,” clarifies the Data Protection Bill, 2018. This means that a service provider (specified here as data fiduciary) cannot ask for any other data apart from what is strictly necessary to provide a service in return.

The draft Data Protection Bill, 2018 recommends that a data fiduciary, any State, a company, any juristic entity or any individual who alone or in conjunction with others determines the purpose and means of processing of personal data, if found to be violating the safeguards for sensitive personal data, will be liable for a penalty of up to Rs 15 crore or 4 percent of the total worldwide turnover, whichever is more. If non-sensitive personal data safeguard terms are violated, then the penalty will be up to Rs 5 crore or 2 percent of the annual turnover, whichever is more.

The Road Ahead
This need for passing the personal data protection bill becomes even more important, as more and more instances of data misuse come to light. Facebook, for instance, has been regularly at the receiving end of criticism from governments, regulators and users for various data privacy mishaps since the Cambridge Analytica scandal revelations early last year.

It now remains to be seen how this bill stands the test of time, and the test in the Indian Parliament.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

+ 10 = 20