Skip to main content

Personal Data Protection Bill 2018- A Concise Perusal

Amidst fears with regard to handling of sensitive data and information and several allegations being levelled against the government of enabling the creation of a surveillance state and also with regard to the alleged leak of private information of plethora of people on the social networking site Facebook, a committee headed by retired Justice BN Srikrishna was constituted and given the task of carving out a solid foundation or a digital framework for proper handling and processing of personal and sensitive data and after a long and tedious deliberation it submitted its draft of the “Personal Data Protection Bill, 2018” on July 27, 2018 to the Government. 

Various Entities:
The Bill has recognised several entities Data Principal (whose data is processed), Data Processor/Data Fiduciaries (who processes the data), a central regulating authority called the Data Protection Authority of India (DPAI) whereby term “Processing” includes collecting, recording, adapting, indexing and disclosing personal data. DPAI is the central authority which is concerned with proper implementation of the provisions of bill.

Consent- Core Principle:
Bill serves to give “consent” as the predominant factor to determine the course of processing of sensitive information and explicitly mentions that consent of Data Principal should be extracted from him before his personal data may be handled and consent must be “specific”, “clear”, “informed” and “capable of being withdrawn” and must be fully “aware of the consequences” that may follow.

Vulnerable Sections- High Standard of Consent Required:
Strong protection becomes all the more necessary in cases involving vulnerable sections of society such as children and bill has been successful in catering to this need and has laid down above par protective shield explicitly to prevent violation of children and the untoward use of their personal data. 

Rights of Data Principal:
The rights given to the Data Principal form the backbone of bill. They are:-
1. “Right to be forgotten” which enables a Data Principle to get his old, irrelevant data removed from the public domain, however the term is very broad and has always been a subject of controversy whenever the time comes for its practical implementation. 
2. The “Right to Portability” enables a Data Principal to freely mobilise their data across service providers and such other Data Fiduciaries. 
3. The “Right to Correction” which gives them the right to correct and update the information and it becomes the duty of the Data Fiduciary to make the necessary changes. 
4. The “Right to Confirmation and Access” gives Data Principal the right to access and know for what purpose their information is being processed.

Data Protection Authority of India (DPAI) and Data Fiduciaries:
Dynamic outlook of the bill is evident from the creation of Data Protection Authority of India (DPAI) which will keep on with the work of categorisation and segmentation of the data as “Personal Data” which will then naturally heed to the provisions of the bill. However, the bill classifies Data Fiduciaries into “Significant” and “Insignificant” ones, which creates a lacuna as the bill delves the accountability only on “Significant” Data Fiduciaries and this provides for a safe escape for the ones who have not been tagged as “Significant”. Thus, not laying accountability for all data fiduciaries might lead to a weak control environment. 

Transnational Migration of Data:
To clear the fog of ambiguity, the bill has explicitly dealt with the issue of Transnational Migration of data in which it has stated the procedure for transnational mobilisation of data. However, the bill serves to put a restraint on Data Fiduciaries with regard to transferring “critical” and “sensitive” data and information and has delegated the authority to Data Protection Authority of India (DPAI) for labelling a data and information, as one which is “critical” and “sensitive”. 

Penalties:
The bill also entails severe penalties for the ones who act in contravention to its provisions and states that fines, as high as 5 Crores may be imposed upon the defaulters and these type of penalties present a very robust stature of the bill. It also provides that penalty up to 1 Crore may be imposed if any provision is violated and no specific punishment is prescribed for it. 

All in all it may be said that this bill is central to the evolution of data protection law in India and will hopefully help in steering the development and refinement of this branch of law in a positive direction.

Written By : Rahil Setia (2nd Year)

Disclaimer : The views expressed in this article are views of the author and do not reflect the views of the Blog.

Location: India

Comments

Post a Comment

Popular posts from this blog

Diwali: A Festival of Lights

There are but few festivals in India that are celebrated with as much zeal and happiness as Diwali. One would be right in saying that it is the brightest and the biggest festivals of the Hindus. So grand is its celebration that Diwali has now become an Indian festival, not just a Hindu festival. The country lights up days before Diwali and stays alight for days afterwards as well. Celebrations of Diwali go back to ancient India, with several legends claiming its origin. Harvest is perhaps its most simple and ancient claimant, however, subsequent legends like a marriage of goddess Lakshmi and Lord Vishnu and the return of Lord Rama from Lanka are equally popular beliefs. Celebrations on the day of Diwali are marked by prayers in the evenings and lighting up of houses with lamps and fairy lights in the evening, before the dark sets in. After the prayers have been done, it is a common tradition for children to burst crackers and for the elders and other members of a family to visit ...
Post a Comment
Read more

BREXIT and the Left Behind

The European Union or commonly referred to as the EU is an economic and political union of European states, with its de facto capital Brussels. The founding stones for the European Union were laid on 1ST Nov 1993, Maastricht, Netherlands.   The EU is governed by chimerical institutions and intergovernmental negotiated decisions of the member states.   The EU traces its ancestry from the European Coal and Steel Community (ECSC) and the European Economic Community (EEC). Over a period of 60 years, EU has achieved a lot but Brexit is the greatest disaster to befall the European Union. Brexit has become a shorthand way of saying the UK leaving the EU- merging the words Britain and Exit to get BREXIT. Article 50 of the Treaty OF Lisbon confers any EU member with the right to quit unilaterally and also outlines the procedure for doing so. The article moreover formulates the procedure for the leaving country, two years to negotiate an exit deal and once it is set in motion it can...
Post a Comment
Read more

INTRA INSTITUTE DEBATE CHAMPIONSHIP - 2018

The ability to formulate your thoughts is something that everybody possess. However, it is the ability to put across your thoughts in such a manner that they appeal to those listening, is the gift of oration. Everybody is a speaker, but not everybody is an orator.  The annual edition of the Intra-Institute Debate Competition was organized on the 15 th of February, 2018. The debate was organized in two rounds with the first eliminations round being organized on the 13 th February, open to the whole student body. The eliminations saw strong participation on the topic ‘Is Space Exploration Ethical’. On the basis of the performance at the elimination rounds, 8 teams were chosen to participate in the final round organized on the 15 th in the Multi-purpose Hall (MPH). These 8 teams were: Afreen & Nritika (II Year) Fury (IV Year) & Kainat (II Year) Sankalp & Arundhati (III Year) Trisha & Anshul (II Year) Vatsala & Tavish (V Year) Prateek ...
Post a Comment
Read more