• search
For Quick Alerts
For Daily Alerts

Taking control: Why the Personal Data Protection Bill is a game changer


New Delhi, Dec 05: The WhatsApp breach, the misuse of data among other related incidents have given us all the need to ponder over one fact and that is why we need to have control over our data.

With India leaning towards data localisation, it becomes extremely important to move towards the Personal Data Protection Bill that is set to be tabled in the Parliament. The overall aim of the Bill is to protect and regulate data privacy.

Taking control: Why the Personal Data Protection Bill is a game changer

It was the Justice Shrikrishna Committee that had submitted the draft last year to the Ministry of Electronics and Information Technology. The draft had made several recommendations and after much consultation, it was decided to go ahead with it.

Cabinet clears Citizenship Amendment Bill, to be tabled in Parliament next week

In the draft bill, it was stated that any person processing data owes data to the data principal to process personal data in a fair and reasonable manner. The privacy of the data principal needs to be respected, it was also stated.

    Unnao case survivor set on fire by 2 of the 3 accused, suffering from 60-70% burns|OneIndia News

    Another key recommendation was that the personal data that is collected must be processed only for the purpose it was collected in the first place. In a nutshell, this bill would restrict and also impose conditions on the cross border transfer of personal data.

    Penalty clause:

    The Bill provides for a penalty of Rs 15 crore or 4 per cent of the total worldwide turnover of any data collection entity, including the state for violation of personal data processing provisions.

    Citizenship Bill: Understanding the clause that exempts ILP, Sixth Schedule regions

    In the draft, it was said that the failure to take prompt action on a data security breach would also attract a fine of Rs 5 crore or 2 per cent of the turnover, whichever is higher.

    One of the key components of this Bill is that it provides a right to privacy. It clearly states, the right to privacy is a fundamental right and hence it is necessary to protect personal data as an essential facet of information privacy.

    The three categories:

    The Bill categories data into critical, sensitive and general. This ensures that sensitive data that includes financial, sexual, health, biometrics, transgender status, religious and political belief and affiliation can be stored only in India. The data, however, can be processed outside India only with explicit consent.

    Data is that is not critical and non-sensitive will fall under the general category and there is no restriction on where it is stored or processed. Critical data, on the other hand, will be defined by the government from time to time.

    In the interest of national security, certain agencies would have access to personal data for investigation purposes. On the other hand, the government would be entitled to direct a fiduciary to get access to non-personal data in order to provide better service to citizens. Broadly the government can use anonymous or non-personal data for research or other purposes.

    Parliament passes bill to merge UTs of Daman and Diu, Dadra and Nagar Haveli

    Why this Bill matters to you and me:

    You will have control over your data once this Bill is passed and becomes a law. A person, including an ordinary person, would have complete command over his data and this would, in turn, prohibit companies from misusing the data of an individual.

    The Bill acts as a safeguard against the breach of privacy of individuals and any entity would have to share the purpose for which the data is being used. The Bill also gives the individual the right to take action against the misuse of their personal data.

    This would lead to a great deal of transparency as the user will have complete control over the data. These strict clauses would only ensure that companies do not play around with your data and this would reduce the malpractices to a great extent.

    Speaking further about privacy, the draft Bill had said that the data principal shall have the right to be forgotten. This essentially means that the data principal shall have the right to restrict or prevent continuing disclosure of personal data by a data fiduciary related to the data principal where such disclosure:

    (a) has served the purpose for which it was made or is no longer necessary

    (b) was made on the basis of consent under section 12 and such consent has since been withdrawn

    (c) was made contrary to the provisions of this Act or any other law made by Parliament or any State Legislature.

    For Daily Alerts
    Get Instant News Updates
    Notification Settings X
    Time Settings
    Clear Notification X
    Do you want to clear all the notifications from your inbox?
    Settings X
    We use cookies to ensure that we give you the best experience on our website. This includes cookies from third party social media websites and ad networks. Such third party cookies may track your use on Oneindia sites for better rendering. Our partners use cookies to ensure we show you advertising that is relevant to you. If you continue without changing your settings, we'll assume that you are happy to receive all cookies on Oneindia website. However, you can change your cookie settings at any time. Learn more