The Editorial 20-12-2022 An Accessible Law : A step closer to protecting privacy rights

INDIAN POLITY
20 Dec, 2022

Theme : Right to privacy, Personal Data Protection Bill, Joint Committee of Parliament (JCP) on the Bill etc
Paper: GS - 2 and GS - 3

TABLE OF CONTENT

  1. Context
  2. Background of the Data Privacy Law & Justice BN Srikrishna Committee Data Protection Report
  3. New Data Protection Bill
  4. Significant aspects of the Bill
  5. Why is Data Protection needed ?
  6. Road Ahead

Context : In August 2022, the government withdrew the bill and on November 18th released the fourth iteration of the data privacy legislation: The Digital Personal Data Protection Bill, 2022 (Bill).

Background of the Data Privacy Law & Justice BN Srikrishna Committee Data Protection Report

  • Started in 2010 with the constitution of the Justice Srikrishna Committee

Justice BN Srikrishna Committee Data Protection Report:

  • The Committee was constituted by the union government in July 2017, to deliberate on a data protection framework.
  • Puttaswamy judgment, 2017: The Supreme Court declared privacy a fundamental right.
  • Interests of citizens: The report has emphasized that interests of the citizens and the responsibilities of the state have to be protected, but not at the cost of trade and industry.
  • It proposed a draft Personal Data Protection Bill.

New Data Protection Bill

  • Inclusion of the word “digital” in the Bill’s title speaks to India’s long standing goal of being a digitally forward society.
  • Bill has two major stakeholders:
      • Data Principal
      • Data Fiduciary
  • Data Principal: It refers to the subject whose data is being processed.
  • Data Fiduciary: It is an entity that processes this data.
  • Data Fiduciary: It is responsible for safeguarding the interests of Data Principals.
  • Bill describes:
      • the obligations of the Data Fiduciaries towards Data Principals
      • the rights and duties of the latter
      • the regulatory framework through which data will be processed.
  • Bill lists the “duties” of the Data Principals: these have no bearing on the realization of the rights provided by the Bill.

Significant aspects of the Bill : 

  • In addition to the general obligations to prevent the misuse of the personal data of individuals, the Bill has outlined a category of Significant Data Fiduciaries: entities that are required to comply with additional measures to safeguard the personal data of individuals.
  • Only companies that process vast amounts of data or have a potential impact on the country’s sovereignty and integrity need to take such stringent measures.
  • Such measures reduce the compliance cost of companies that are at a nascent stage.
  • “Data localisation” provisions in the previous versions of the Bill have been omitted: The reworked Bill permits the government to notify countries to which data transfers may be permitted.

Why is Data Protection needed ?

  • Large internet coverage: India currently has over 750 million Internet users, with the number only expected to increase in the future.
  • Digital India: The Government is also making a strong push for a ‘Digital India’, with increased focus on digitisation of access to health, ration, banking, insurance, especially after the COVID-19 pandemic.
  • Inter-linking of data: There is a greater focus on the inter-linking of data, whether through facial recognition, Aadhaar, or the Criminal Procedure (Identification) Act, 2022.
  • Highest data breaches: India has among the highest data breaches in the world. Around 18 of every 100 Indians have been affected by data breaches since 2004.
  • Risk of data: Without a data protection law in place, the data of millions of Indians continues to be at risk of being exploited, sold, and misused without their consent.
  • Non-enforcement of fundamental rights (FR) against private non-state entities: Unlike state action, corporate action or misconduct is not subject to writ proceedings in India.

Road Ahead : 

  • Govt to notify countries for data transfer: It is a major respite for several tech companies, who have long talked about the infeasibility of the data localisation provisions.
  • A balance has now been struck between the legitimate concerns of businesses and the protection of personal data of individuals.
  • Penalties imposed: The Bill must ensure that the penalties imposed are proportionate to the size and operations of a company – to be effective, fines must not drive companies into economic loss.
  • European Union’s General Data Protection Regulation (GDPR): It, amongst other similar regulations, levies penalties in accordance with the total turnover of companies.
  • The Bill safeguards individual data, whilst also promoting cooperation between data fiduciaries and the government.
  • It draws upon the best practices of foreign jurisdictions, such as Europe and Australia.
  • It has been drafted as per India’s requirements.
  • The exemptions granted to the Centre are extremely restrictive and in sync with past judicial precedents and Article 19(2) of the Constitution.

FAQs : 

  1. When was Justice Srikrishna Committee constituted?

ANS. 2017

  2. What was drafted by this Committee?

ANS. It proposed a draft Personal Data Protection Bill.