Skip to main content

​All you need to know about the Personal Data Protection Bill, 2018

 With the advancement in technology and the revolutionary increase in the use and dependability of internet, a lot of data is being created and shared by us through mobile applications and websites, including personal information. A lot of this data is also stored in hard disk, cloud, database, memory disk, internet, computer, etc. and the same continues to grow at limitless rates leading some sensitive information to enter the “Public Domain”. Once the data enters the public domain it is subjected to various threats such as the threat from hackers, software threats, misuse or misrepresentation of information, data breaches and leaks creating a need for data protection.

 


What is Data Protection?

The term Data Protection means legal control over access to and use of data stored. In other words, it refers to a series of continuous and repetitive processes, sound policies and privacy laws to reduce intrusion in one’s privacy.

 


Consult: Top Cyber Crime Lawyers in India


 


Data Protection in India

Up until now, privacy laws in India offer little protection against misuse of one’s personal information. The transfer of personal data is currently governed by the Sensitive Personal Data and Information Rules, 2011, which has been proven to be inadequate. With the mounting concerns worldwide regarding the protection and need for legal regulation of an individual’s personal data in the face of various scandals, the need for a similar legislation is of greatest importance in India, where the data-driven services and transactions in the digital economy are ever increasing but apparently, the personal data of Indian nationals sees very little protection.


Recently, an admission was made by Facebook that the data of 87 million users, including 5 lakh Indian users, was shared with Cambridge Analytica, a British political consulting firm which combined data mining, data brokerage, and data analysis with strategic communication during the electoral processes. The very thought of personal data being used for unknown intentions sent ripples across the world. In furtherance to this, the European Union, in order to protect the personal data of individuals had enacted the General Data Protection Regulation (GDPR) which establishes the right to privacy as a Fundamental Right. Following the implementations of the GDPR and taking examples from the legal frameworks of other countries on the subject, the Personal Data Protection Bill 2018 has been introduced by the Justice B.N. Srikrishna Committee to prevent “Personal Data” of individuals from being misused.

 


What are the key aspects of the draft bill?

The Personal Data Protection Bill has introduced concepts which are the essence of data protection, such as:


Data Fiduciary- The Bill defines every entity (a state, a company, any juristic entity or any individual) which determines the purpose and means of processing the personal data as the “Data Fiduciary”.


Data Processor- It refers to every entity (a state, a company, any juristic entity or any individual) which actually processes the personal data on behalf of a data fiduciary as a “Data Processor”.


Data Principal- It means every entity including an individual, a Hindu Undivided Family, a company, a firm, a state, an association of persons or a body of individuals and every artificial judicial person.


The proposed Data Protection Bill states that unless explicit consent is given, your personal data cannot be shared or processed, which means that the onus lies on you to make an informed choice. It also states that any person processing your personal data is obligated to do so in a fair and reasonable manner and it shall not be processed for the purposes it was not intended for in the first place. It makes the data fiduciary responsible for complying with the obligations in respect of any processing undertaken by it or on its behalf.

 


Consult: Top Cyber Crime Lawyers in India


 


Grounds for processing personal data under the Bill

The Bill makes consent an essential part of processing data. No data shall be processed without the consent of the data principal. However, the data shall be processed without consent only on certain grounds specified in the draft bill, such as:


If processing is necessary for any function of Parliament or any State Legislature or for any service or benefit to the data principal.


For compliance with any order or judgment of any Court or Tribunal in India.


To respond to any medical emergency involving a threat to life, a severe threat to the health or outbreak of disease.


Recruitment or termination of employment of a data principal by data fiduciary.


Prevention and detection of any unlawful activity, mergers, and acquisition, credit scoring, recovery of debt and whistleblowing.

 


Grounds for processing sensitive personal data under the Bill

The term 'Sensitive Personal Data' includes passwords, financial data, health data, biometric data, genetic data, and data on caste or tribe or religious and political beliefs. The sensitive personal data may be processed on the basis of explicit consent for:


Any function of Parliament or any State Legislature,


For any service or benefit to the data principal.


For compliance with any order or judgment of any Court or Tribunal in India.


To respond to any medical emergency involving a threat to life, a severe threat to the health or outbreak of disease.

 


Rights of Data Principal

Under the Personal Data Protection Bill, the Data Principal are granted certain rights such as:


Right to confirm whether the data fiduciary is processing or has processed the personal data and access to the data.


Right to correction of inaccurate, misleading or incomplete personal data.


Right to data portability.


Right to be forgotten, i.e., the right to restrict or prevent continuing disclosure of personal data by a data fiduciary.

 


Consult: Top Cyber Crime Lawyers in India


 


Transfer of personal data outside India

Personal data other than those categorized as sensitive personal data may be transferred outside the territory of India under the following conditions:


Transfer is made subject to standard contractual clauses or inter-group schemes that have been approved by the Authority.


The Central Government has prescribed that transfers to a particular country or sector within a country is permissible.


The Authority approves a particular transfer or set of transfers as permissible.


In furtherance to the above, the data principal has consented to such transfer of personal data.

 


Exemptions

Processing of personal data in the interests of prevention, detection, investigation, and prosecution of any offense or any other contravention of law is permitted, provided it is authorized by a law made by Parliament and State Legislature.


The Ministry of Electronics and Information Technology has announced that before the Draft Bill is passed by the Parliament, it will undergo intensive parliamentary consultation. The Ministry solicits comments from General Public on the Draft Bill in order to ensure that it is indeed the need of the hour and beneficial to the interests of the individuals. The Draft Bill, when enacted will give way to new data privacy regime, which is based on trust and efficient mechanism between the Data Fiduciary and Data Principal. The Draft Bill imposes series of obligations on the State and makes it accountable for processing the personal data of an individual, thereby protecting both - the personal data and the constitutionally guaranteed right to privacy.


To read the Personal Data Protection Bill, 2018, click here.

Comments

Popular posts from this blog

Concept of constitutionalism

  Concept of constitutionalism Who Started Constitutionalism? John Locke - The English Bill of Rights is a foundational constitutional document that helped inspire the American Bill of Rights. Political theorist  John Locke  played a huge role in cementing the philosophy of constitutionalism.  Constitution is a written law which describes the structure of Government, the rules according to which the Govt. must work and the boundaries within which the Govt. must work. Constitutionalism   can be defined as the doctrine that governs the legitimacy of government action, and it implies something far more important than the idea of legality that requires official conduct to be in accordance with pre-fixed legal rules. Constitution constitution is the document that contains the basic and fundamental law of the nation, setting out the organization of the government and the principles of the society. Basic norm (or law) of the state; System of integration and organi...

business tips

1. Have a clear vision for your business and strive to achieve it. 2. Hire great people and give them ownership in the company. 3. Provide excellent customer service. 4. Establish yourself as an expert in your field. 5. Develop relationships with key suppliers, customers, and partners. 6. Keep track of your finances and invest in marketing and innovation. 7. Utilize digital platforms to reach a larger audience. 8. Take calculated risks and back yourself. 9. Continuously strive to improve your products and services. 10. Make customer satisfaction your priority.

Effects of Non-Registration

 Effects of Non-Registration The Companies Act, 2013 evidently highlights that the main essential for any organization to turn into a company is to get itself registered. A company cannot come into existence until it gets registered. But no such obligation has been imposed for firms by the Indian Partnership Act, 1932. If a firm is not registered it does not cease to be called as a firm, it still exists in the eyes law. Certainly, such a big advantage is not absolute but is subjected to a lot of limitations which we will study further. Non-registration of a firm simply means that the business skips the formalities of incorporation and ceases to exist in the eyes of the law. section 58 of the Indian Partnership Act, 1932 deals with the procedure of incorporation. Likewise, the meaning of non-registration is the exact opposite of registration, meaning when a firm does not go through the procedure of incorporation or start carrying on activities without getting registered. Effects of ...