Taking control: Why the Personal Data Protection Bill is a game changer
New Delhi, Dec 05: The WhatsApp breach, the misuse of data among other related incidents have given us all the need to ponder over one fact and that is why we need to have control over our data.
With India leaning towards data localisation, it becomes extremely important to move towards the Personal Data Protection Bill that is set to be tabled in the Parliament. The overall aim of the Bill is to protect and regulate data privacy.
It was the Justice Shrikrishna Committee that had submitted the draft last year to the Ministry of Electronics and Information Technology. The draft had made several recommendations and after much consultation, it was decided to go ahead with it.
In the draft bill, it was stated that any person processing data owes data to the data principal to process personal data in a fair and reasonable manner. The privacy of the data principal needs to be respected, it was also stated.
Another key recommendation was that the personal data that is collected must be processed only for the purpose it was collected in the first place. In a nutshell, this bill would restrict and also impose conditions on the cross border transfer of personal data.
The Bill provides for a penalty of Rs 15 crore or 4 per cent of the total worldwide turnover of any data collection entity, including the state for violation of personal data processing provisions.
In the draft, it was said that the failure to take prompt action on a data security breach would also attract a fine of Rs 5 crore or 2 per cent of the turnover, whichever is higher.
One of the key components of this Bill is that it provides a right to privacy. It clearly states, the right to privacy is a fundamental right and hence it is necessary to protect personal data as an essential facet of information privacy.
The three categories:
The Bill categories data into critical, sensitive and general. This ensures that sensitive data that includes financial, sexual, health, biometrics, transgender status, religious and political belief and affiliation can be stored only in India. The data, however, can be processed outside India only with explicit consent.
Data is that is not critical and non-sensitive will fall under the general category and there is no restriction on where it is stored or processed. Critical data, on the other hand, will be defined by the government from time to time.
In the interest of national security, certain agencies would have access to personal data for investigation purposes. On the other hand, the government would be entitled to direct a fiduciary to get access to non-personal data in order to provide better service to citizens. Broadly the government can use anonymous or non-personal data for research or other purposes.
Why this Bill matters to you and me:
You will have control over your data once this Bill is passed and becomes a law. A person, including an ordinary person, would have complete command over his data and this would, in turn, prohibit companies from misusing the data of an individual.
The Bill acts as a safeguard against the breach of privacy of individuals and any entity would have to share the purpose for which the data is being used. The Bill also gives the individual the right to take action against the misuse of their personal data.
This would lead to a great deal of transparency as the user will have complete control over the data. These strict clauses would only ensure that companies do not play around with your data and this would reduce the malpractices to a great extent.
Speaking further about privacy, the draft Bill had said that the data principal shall have the right to be forgotten. This essentially means that the data principal shall have the right to restrict or prevent continuing disclosure of personal data by a data fiduciary related to the data principal where such disclosure:
(a) has served the purpose for which it was made or is no longer necessary
(b) was made on the basis of consent under section 12 and such consent has since been withdrawn
(c) was made contrary to the provisions of this Act or any other law made by Parliament or any State Legislature.