“Data is the new oil”- Personal Data Protection Bill 2019

 

In the modern age, data is the new oil. Privacy of data in our country is just a decade old. Before 2010 citizen as well as government of our country was not focusing on this important and sensitive issue. But it came to major lime light when Bharti Airtel Ltd had the problem of personal data with the Unique Identification Authority of India (UIDAI). There was allegation against Bharti Airtel ltd that the company’s executives used the Aadhaar-eKYC based verification process to open payments bank accounts of subscribers in another group company Airtel Payment Bank, without their clear and tacit permission of customer. Also, UIDAI had alleged that when customers went to Airtel’s app for verification, a box popped up with the statement “Upgrade or create my Airtel Payment Bank wallet using existing Airtel mobile KYC.” This is the gross negligence of privacy of the airtel customers as well as violation of UIDAI regulations.

Also, on 24th August 2017 Supreme Court has declared the right to privacy a fundamental right under the constitution. A nine-judge constitution bench headed by chief Justice J.S. Khehar ruled that right to privacy is an intrinsic part of right to life and personal liberty under Article 21 and entire Part III of the Constitution. This case also highlighted the need of data protection of the citizens of this country and an hour of need for the perfect statue to protect such data of the citizens.

Recently, the Ministry of Home Affairs has issued an advisory stating that ‘Zoom’ app for videoconferencing is not a ‘safe platform’.



The cyber coordination centre (CyCord) under the Union Ministry of Home Affairs, has issued an advisory on secure use of ZOOM meeting platform by private individuals. This advisory states that the platform is not for use by Government officers/officials for official purposes. Also, Indian Computer Emergency Response Team (CERT-In) said in an advisory recently “Insecure usage of the platform may allow cyber criminals to assess sensitive information such as meeting details and conversation.”²

So, we can see there is major psychological shift of citizens and government, especially after K.S.Puttaswamy case. Government of India has started taking the issues related to data protection seriously, which is evident from the recent zoom advisory and also committee setup under the chairmanship of retired Supreme Court Judge Justice B.N.Srikrishna for the drafting the new enactment Personal Data Protection bill 2019.

 

BACKGROUND OF THE BILL

In August 2017, the Union Ministry of Electronics & Information Technology (MEITY) constituted an Expert Committee to study and identify key data protection issues and recommend methods to address them. The ten-member committee was headed by Supreme Court Judge (retired) Justice B N Srikrishna and included members from government, academia, and industries. The committee also had the mandate to propose a draft bill for data protection.

The Committee released its Report and proposed Personal Data Protection Bill in July, 2018. The Draft was open for comments from the public till October 10, 2018. The panel of the committee has identified 50 statue may overlap this bill. The Aadhaar Act needs to be amended to bolster data protection and committee has suggested some other amendments also.

Provisions similar to Europe Union General Data Protection Bill:

This bill has borrowed most of the provisions from the Europe Union’s General Data Protection Regulation (GDPR), the provisions like following are borrowed:

1. Penalty of upto 4% of annual revenues;
2. Right to be forgotten;
3. Appointment of data protection officers by companies;
4. Privacy by design, which calls for inclusion of data protection while designing tech;
5. Users’ right to port their data to another company;

Provision under Personal Data Protection Bill, 2018

• Types of personal data under the Personal Data Protection bill 2018:

1. Sensitive personal data: Sensitive data is included in the act. It is the kind of data which includes passwords, health data, financial data, sex-life, genetic data, bio-metric data, transgender status, caste or tribe, religious or political beliefs.

The bill says that sensitive personal data shall be stored in India by the company using it but such data can be processed outside India with the consent of the Individual.

2. Critical personal data: It is the kind of that which is very critical for any individual. It is the data which is very important for the individual like personal Identity proof details (aadhaar detail), bank account number etc.

The bill says that such kind of data shall be stored and processed only in the server or centre which are located in India. Also, the bill says any violation of this can cost penalty of Rs. 5 crore or 2% of global turnover of the company.

• Right to forgotten: The bill also includes within its ambit “Right to forgotten”. This is the personal right given to the individual. As per this right, if individual share his data with any company or on online platform then he can avail this right and all the information shared by him will be prevented from being shared or disclosed or process to any third party.

• Data Protection Authority of India (DPA): The draft bill also talks about establishment of Data Protection Authority of India (DPA). The authority as per the act will be an independent regulatory authority responsible for the enforcement and effective implementation of the law.

CONCLUSION

• What it means for consumers?

1. Data can be processed or shared by any entity only after consent.

2. Safeguards including penalties, introduced to prevent misuse of personal data.

3. All data to be categorized under three heads- general, sensitive and critical data.

• What Companies have to do?

1. Social media firms to formulate a voluntary verification process for users.

2. Sharing data without consent will entail a fine of Rs. 15 crore or 4% of global turnover.

3. Data breach will entail a fine of Rs. 5 crore or 2% of global turnover.

Join us on:-