List of Contents
- What is the approach followed by the Digital Personal Data Protection Bill 2022?
- What is the importance of sectoral expertise?
- What are the major approaches adopted by the global community to regulate privacy and protect data?
- What are issues with the American sectoral approach to data protection?
- What is the way forward for regulation of data in India?
Source– The post is based on the article “Understanding the street dogs-human conflict” published in “The Hindu” on 29th March 2023.
Syllabus: GS3- Science and Technology. GS2- E-governance
Relevance– Issues related to regulation of digital space
News– The Digital Personal Data Protection (DPDP) Bill 2022 was proposed recently. It provides a framework to safeguard citizens’ information from misuse and unauthorised access.
What is the approach followed by the Digital Personal Data Protection Bill 2022?
The current draft of the Bill tries to tackle the issue of conflicting sectoral regulations. It states that the provisions of the Bill will complement and not create exemptions from existing regulations. But, in case of conflict, the Bill will take precedence.
The Bill raises concerns about sectoral regulations that may go beyond what the Bill provides.
What is the importance of sectoral expertise?
Data protection and privacy are highly dependent on context, including the type of data collected, how it is collected, the intended use and the associated risks. This makes sectoral expertise crucial to regulate effectively.
Sectoral expertise offers a deep understanding of a particular sector, including its market dynamics, technologies, risks and business models. It also enables regulators to engage with stakeholders and industry experts in a well informed and productive manner.
What are the major approaches adopted by the global community to regulate privacy and protect data?
They are comprehensive legislation and sector specific regulations.
Comprehensive approach– The European Union’s General Data Protection Regulation is the comprehensive approach.
The GDPR, despite being a comprehensive framework, has specific provisions for certain industries such as health care.
GDPR also permits EU Member States to implement measures which go beyond the provisions given in the GDPR. For example, Germany has stricter provisions compared to the GDPR.
The European Data Protection Board is made up of representatives from each EU member state’s data protection authority. It provides guidance on the implementation and interpretation of the GDPR, including sector specific issues.
Sectoral approach– The sectoral approach is followed in the United States. It is seen through laws such as the Health Insurance Portability and Accountability Act in health care, and the GrammLeachBliley Act for the financial sector. It consists of regulations tailored to specific industries.
What are issues with the American sectoral approach to data protection?
There are issues related to inconsistent protection, problems in enforcement, overlapping and contradictory provisions, and a lack of federal regulation.
This creates confusion and coverage gaps for businesses. There is no centralised authority to enforce data protection laws. It leads to a lack of standardisation.
What is the way forward for regulation of data in India?
The GDPR model may not work for India as the The Data Protection Board is designed as a grievance agency, and not as a regulator.
The current draft of the Bill needs greater clarity and specificity regarding the interaction with sectoral regulations. There is a need to draw from our experience to find the right balance.
In India, we already have sectoral regulations regarding data protection such as the Reserve Bank of India’s directive on storage of payment data. These are the result of extensive industry consultations and expert input.
Neglecting these regulations and establishing a new framework would undermine the considerable effort invested in their creation. It will require the industry to readjust their
operations again at considerable cost.
The DPDP Bill must serve as the minimum layer of protection, with sectoral regulators having the ability to build on these protections.
Data protection is a complex subject. There is a need to create room for sectoral experts to safeguard the interests of citizens more effectively.