Search
  • LawPublicus

Data Protection Laws In India



Name - Anmol Mathur

Designation- Student, Queen Mary University of London

E-mail- anmolmathur475@gmail.com


The world is encompassing itself into a digital hub. Data is the new currency of the twenty-first century. While comprehensive acts exist worldwide to protect personal data, India remains nascent in its journey towards data protection. The issue of personal data became prevalent during the Aadhar debate and it was concluded that not all matters of Individual privacy fall under the ambit of Article 21 of the constitution.


A committee was established by the government of India under the chairmanship of former Supreme Court Judge Shri B N Shrikrishna that was responsible for drafting a data protection bill. The White Paper as it is popularly called, solicited comments from the general public as to how a data protection law should look like in India. The findings of the committee were established in form of a report titled A Free and Fair Digital Economy: Protecting Privacy, Empowering Indians. Alongside, a draft personal data protection bill was also submitted. After several revisions, the personal data protection bill was introduced in Lok Sabha on 11th December 2019.


The Personal Data Protection Bill, 2019 is aimed at establishing a data protection authority in India that works coherently to protect the privacy of individuals relating to their personal data. Here personal data refers to an individual’s character traits, identity, and attributes of a natural person. The bill also specifies the conduct of using Sensitive Personal data which is biometric data, caste, religious or political beliefs, official identifier, sexual orientation, genetic data, transgender status, or intersex status.


Other key points of PDPB, 2019 include:

  • The personal data in question is the one that is processed, collected, disclosed, and shared in the territory of India.

  • Data can be collected for specific purposes. The notice needs to be given for the collection of such data. Data can be retained only to perform certain purposes and should be deleted thereafter.

  • Parental consent is necessary when processing sensitive personal data of children.

  • While consent seems to be the prerequisite of processing information, one of the exceptions to processing information include information used by the state for providing benefits to individuals.

  • The bill also proposes the rights of an individual from whom data is collected. These rights include confirmation from data fiduciary if their data has been processed, correction of inaccurate/incomplete information, data portability, and the right to be forgotten.

  • The bill also proposes the establishment of a data protection authority, that shall ensure compliance with the propositions made in the PDPB bill.

  • The bill may not apply to any agency of the government if it is necessary for the maintenance of sovereignty and integrity of India. Personal data is also exempted from the provisions of this act which includes: data for prevention, investigation, prosecution of an offense, personal and domestic purposes, research archiving or statistical purposes, and journalistic purposes.

  • Penalties shall be imposed on data fiduciary that doesn’t adhere to data protection which can amount to Rs 5 crores or 2 percent of the worldwide turnover of the preceding year, whichever is higher. Failure to process data as per the specifications of the PDPB act can lead to a fine of Rs 15 crore or 4 percent of the worldwide turnover of the preceding year, whichever is higher. Furthermore, reidentification and processing of de-identified personal data without consent are punishable with imprisonment up to 3 years or fine, or both.


In conclusion it can be observed that the emphasis on consent has been inspired by articles of EU GDPR. Presently large asymmetry exists between data providers and data consumers. Hence, the penalties provided by the bill against data fiduciaries in case of noncompliance is commendable. The exceptions to the bill may question the purpose for which the bill was proposed in the first place.


At present the Personal Data Protection Bill, 2019 is in the final stages of parliamentary review and is being examined by a joint parliamentary committee.


In the future, if the bill is passed it shall be a defining time in India's quest for privacy laws and data protection.





#DataPrivacy

#PrivacyLaws

#PDP2019

#Privacy

#IT

#Technology

#Internet


19 views0 comments

Recent Posts

See All