Source– The post is based on the article “Falling short” published in “The Hindu” on 9th August 2023.
Syllabus: GS2- Polity
Relevance: Important Bills and Acts
News– Recently, The Digital Data Protection Bill, 2023, was passed in the Lok Sabha on Monday.
What are the major provisions of the Bill?
An entity or individual, referred to as the data fiduciary, is allowed to process the personal data of an individual for a lawful purpose. It can be done only after obtaining the data principal’s consent. It can be processed for specific legitimate reasons.
These legitimate reasons are instances in which the data can be processed without obtaining the data principal’s consent. This includes situations where government agencies process the data to issue licenses, provide welfare benefits, grants, and services.
The Bill also imposes a responsibility on the data fiduciary to inform both the data principal and the Data Protection Board to assess compliance with the Bill in case of a breach of personal data.
What are the concerns related to the Bill?
The Bill does not contain the provision related to the requirement of informing data principals about third parties with whom their data might be shared, or specifying the duration for which the data will be stored.
Too much leeway is provided to agencies of the state in the form of exemptions.
The Srikrishna Committee’s Draft Bill in 2018 allowed for exemptions to state institutions from acquiring informed consent in matters related only to the “security of the state”.
It also suggested parliamentary oversight and judicial approval of non-consensual access to personal data.
In the 2023 version, the state is empowered to process data through wide-ranging exemptions. The government is allowed to collect information which could be used for mass surveillance.
In providing exemption to the state for obtaining , the Bill also does away with purpose limitation — using the data only for the specified purpose.
For further reading-