Recently, the Union Government has introduced a revised bill for personal data protection. The bill, now referred to as the Digital Personal Data Protection Bill of 2022, came three months after the withdrawal of the Personal Data Protection Bill from 2019.
Understanding the Seven Principles of the 2022 Bill
The Digital Personal Data Protection Bill 2022 is based on seven core principles. These stipulate that organizations must handle personal data in a lawful, fair and transparent manner, with usage limited to its original purpose of collection. The third principle deals with data minimization, while the fourth emphasizes data accuracy during collection. Also, personal data can’t be stored perpetually by default, instead being subjected to a fixed storage duration. Further, there must be reasonable safeguards against unauthorized data collection or processing. Finally, the party deciding the purpose and means of data processing should be held accountable.
Key Features of the Digital Personal Data Protection Bill
This bill encompasses many important features. It recognizes data principal and data fiduciary – data principal refers to the individual whose data is processed, and in case of minors, their guardians play this role. On the other hand, data fiduciary decides about the processing of an individual’s personal data.
The bill also identifies significant data fiduciaries — those dealing with high volumes of personal data — necessitating the appointment of a Data Protection Officer and an independent data auditor. It ensures the right of individuals to access information, consent, erase, nominate and also includes provisions for cross-border data transfer, financial penalties, and exemptions.
Significance of the Digital Personal Data Protection Bill
The new bill offers considerable relaxations on cross-border data flow, marking a shift from the previous bill’s stringent requirement of local data storage. Furthermore, the right to post-mortem privacy, absent from the previous bill but recommended by the Joint Parliamentary Committee (JPC), is recognized.
Strengthening Data Protection Regime in India
In the past few years, India has taken significant steps to fortify its data protection regime. The Supreme Court’s judgement in Justice K. S. Puttaswamy (Retd) Vs Union of India case in 2017 affirmed the constitutionally protected right to privacy of Indian citizens. The Government also appointed a committee of experts under the chairmanship of Justice B N Srikrishna in 2017, which suggested recommendations to bolster the privacy law. The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 are another key aspect of this reinforcement.
Data Protection Laws in Other Nations
Different nations have unique approaches to data protection. For instance, the European Union’s General Data Protection Regulation provides a comprehensive law for personal data processing, emphasizing individual dignity and rights over data. The US does not have a comparable set of rights, instead opting for limited sector-specific regulation. Conversely, China has recently enacted laws like the Personal Information Protection Law (PIPL) and the Data Security Law (DSL), tightly controlling the use and transfer of personal data.
Reviewing the Right to Privacy through UPSC Civil Services Examination Questions
The UPSC Civil Services Examination presents some insightful questions regarding the ‘Right to Privacy.’ These questions focus on its constitutional protection under Article 21, the intrinsic part it plays in the right to life and personal liberty, as also addressed indirectly in the latest judgement of the Supreme Court.
