Article begins:
The Joint Parliamentary Committee (JPC) recently brought up the Personal Data Protection Bill, 2019 for further consultation. This significant bill is expected to be presented with a report in the Winter Session of Parliament 2021. Often referred to as the Privacy Bill, this legislation aims to safeguard individual rights by regulating the collection, movement, and processing of data that can identify an individual.
Overview of the Personal Data Protection Bill
The Privacy Bill empowers the government to authorize the transfer of specific types of personal data overseas and allows exceptions for government institutions to collect citizens’ personal data. The Bill categorizes data into three sections, each having different storage requirements: Personal data, Sensitive personal data, and Critical personal data.
1. Personal Data includes identifiable information like name, address etc.
2. Sensitive Personal Data encompasses details like financial status, health records, sexual orientation, biometric, genetic, and more.
3. Critical Personal Data refers to any data that the government may deem critical, such as information related to military or national security.
The bill eliminates the necessity of data mirroring for personal data and only requires individual consent for data transfer to other countries.
Role of Data Fiduciaries and Non-Personal Data
Data Fiduciaries, which could be service providers who collect, store and use data while providing goods and services, have an obligation as per the Bill to provide the government with any non-personal data when demanded. Non-Personal data refers to anonymized data like traffic patterns or demographic data. To regulate non-personal data, the government established a committee in September 2019.
Verification of Accounts and Protection of User Anonymity
The Bill emphasizes on companies and social media intermediaries, labelled as “significant data fiduciaries”, to facilitate voluntary user account verification in India. The measure aims to reduce user anonymity and curb trolling. A ‘Right to be Forgotten’ is also included in the bill, allowing individuals to limit or prevent continuous disclosure of their personal data by a data fiduciary.
Benefits of the Personal Data Protection Bill
Data localization could bolster law enforcement agencies’ capacity to investigate and enforce laws while increasing the government’s ability to tax internet giants. The Bill will also help check instances of cyber-attacks and surveillance, control dissemination of fake news through social media, and maintain national security. Strong data protection legislation will also aid in enforcing data sovereignty.
Criticisms and Potential Challenges of the Personal Data Protection Bill
The Bill has faced criticism from multiple fronts. Some argue that in the realm of cyberspace, the physical location of the data is irrelevant as encryption keys may still be beyond the reach of national institutions. Terminologies like ‘national security’ or ‘reasonable purposes’ are subjective and could potentially lead to state intrusion into citizens’ private lives.
Technology behemoths like Facebook and Google criticize the policy of data localization as protectionist and fear a potential ripple effect in other countries. Social media organizations, experts, and ministers have expressed concerns about the bill’s numerous loopholes, which they believe make it ineffective and potentially detrimental to both users and companies. Furthermore, there are worries that the legislation could hinder the global growth of India’s burgeoning startups and larger firms processing foreign data in India.