New data protection bill: A step closer to protecting privacy rights

Source– The post is based on the article “New data protection bill: A step closer to protecting privacy rights” published in The Indian Express on 16th December 2022.

Syllabus: GS3- Awareness in the field of IT

Relevance– Issues related to digital space

News– The article explains the provisions of the Digital Personal Data Protection Bill, 2022.

What are some provisions of the Bill?

Bill has two major stakeholders — the Data Principal and Data Fiduciary. Data Principal refers to the subject whose data is being processed. Data Fiduciary is an entity that processes this data.

In different spheres of the law, when one party owes a “fiduciary” duty towards another; the relationship between the two is guided by trust, assurance and good faith. The Bill seems to be affirming that the Data Fiduciary is responsible for safeguarding the interests of Data Principals.

Bill describes the obligations of the Data Fiduciaries towards Data Principals, the rights and duties of the latter. It provides for a regulatory framework through which data will be processed.

Which aspects of the Bill are noteworthy?

Safeguarding the data– The Bill has outlined a category of Significant Data Fiduciaries  that are required to comply with additional measures to safeguard the personal data of individuals. This in addition to the general obligations to prevent the misuse of the personal data of individuals.

This distinction is essential as only companies that process vast amounts of data or have a potential impact on the country’s sovereignty and integrity need to take such stringent measures.

Data localisation– Onerous provisions on “data localisation” in the previous versions of the Bill have been omitted. The reworked Bill permits the government to notify countries to which data transfers may be permitted. A balance has now been struck between the legitimate concerns of businesses and the protection of personal data of individuals.

What are the provisions of the Bill that require further elaboration?

Section 25 and Schedule I, that deal with penalties, require elaboration. Section 25 refers to the quantum of financial penalty that must be imposed on a person guilty of non-compliance in matters related to detail. The focus remains only on the nature and gravity of the violation.

The Bill must ensure that the penalties imposed are proportionate to the size and operations of a company. Fines must not drive companies into economic loss. The European Union’s General Data Protection Regulation levies penalties in accordance with the total turnover of companies.

What are the positive aspects of the Bill?

The Bill safeguards individual data. It also promotes cooperation between data fiduciaries and the government.

It draws upon the best practices of foreign jurisdictions, such as Europe and Australia. It has also been drafted in a manner that is tailor-made to India’s requirements.

Even the exemptions granted to the Centre are extremely restrictive and in sync with past judicial precedents and Article 19(2) of the Constitution.

Print Friendly and PDF