22 Nov Digital Personal Data Protection Bill
Data Protection Bill
This article is based on the “Digital Personal Data Protection Bill“. It talks about the Political and Constitutional significance of Digital Personal Data Protection.
Relevance for Prelims: GDPR, Right to Privacy.
Relevance for Mains: Right to Privacy, Right of erasure of data
Context: The central government has released a revised Data Protection Bill, now called the GDPR, 2022.
Principles of Draft Legislation:
1. Usage of personal data by organization must be done in manner that is fair under the jurisdiction of law, fair to the concerned individuals and ensure transparency.
2. Data cannot be stored perpetually, and storage of data should be limited to fixed duration.
3. There should be reasonable safeguards to ensure there in no collection and processing of personal data without authorization.
4. Organizations should pursue policies of Data Minimization.
5. Data collection should be done with accuracy.
6. The person who collects, decides the purpose and means of processing of data should be accountable for such processing.
Key terminologies associated with the Bill:
Data Fiduciary: It is an entity (it could be a firm/individual, state, or company) that decided the purpose and means of the processing of an individual’s personal data.
Data Principal: It refers to individuals whose data is being collected.
Cross Border-Transfer: The bill allows cross-border storage and transfer to certain countries and territories which are notified provided they have a suitable data security landscape and Government can access data of Indians from there.
Right to Erasure: Data Principals will have the right to get their data erased and corrected by the data fiduciary.
Significance of Data Protection Bill:
The bill allows concessions on cross-border data flows, which was not allowed in the previous draft and emphasized local storage of data within the territory of India.
The bill also recognizes the data principal right to withdraw data (withdraw consent) which did not find any mentioned in previous draft.
Data protection laws in other geographies
EU MODEL: The GDPR focuses on a comprehensive data protection law for the processing of personal data. It has been criticized for being excessively stringent and imposing many obligations on organizations processing data, but it is the template for most of the legislation drafted around the world.
In the EU, the right to privacy is enshrined as a fundamental right that seeks to protect an individual’s dignity and her right over the data she generates. The European Charter of Fundamental Rights recognizes the right to privacy as well as the right to protection of personal data and is backed by a comprehensive data protection framework, which applies to the processing of personal data by any means, and to processing activities carried out by both the government and private entities. There are certain exemptions such as national security, defense, public security, etc, but they are clearly defined and seen as exclusions on the periphery.
US MODEL: Privacy protection is largely defined as “liberty protection” focused on the protection of the individual’s personal space from the government. It is viewed as being somewhat narrow in focus because it enables the collection of personal information as long as the individual is informed of such collection and use. The US template has been viewed as inadequate in key respects of regulation.
There is no comprehensive set of privacy rights or principles in the US that, like the EU’s GDPR, addresses the use, collection, and disclosure of data. Instead, there is limited sector-specific regulation. The approach towards data protection is different for the public and private sectors. The activities and powers of the government vis-à-vis personal information are, however, sufficiently well-defined and addressed by broad legislation such as the Privacy Act, the Electronic Communications Privacy Act, etc. For the private sector, there are some sector-specific norms.
CHINA MODEL: New Chinese laws on data privacy and security issued over the last 12 months include the Personal Information Protection Law (PIPL), which came into effect in November 2021. It gives Chinese data principals new rights as it seeks to prevent the misuse of personal data. The Data Security Law (DSL), which came into force in September 2021, requires business data to be categorized by levels of importance and puts new restrictions on cross-border transfers.
These regulations will have a significant impact on how companies collect, store, use and transfer data, but are essentially focused on giving the government overreaching powers to collect data as well as to regulate private companies that collect and process information.
Best Daily Current Affairs for UPSC
Nowadays Current Affairs are a very crucial part of any competitive examination. Without reading Daily Current Affairs, No one can pass any competitive examination. So everybody should accustom to reading Current Affairs for UPSC examination. Get the Best Daily Current Affairs for UPSC examination from Plutus IAS.