Right To Privacy And The Personal Data Protection Bill 2019
Introduction
- The Central Government shall establish, by notification, an Authority to be known as the Data Protection Authority of India for the purposes of this Act. The Authority referred to in sub-section (1) shall be a body corporate by the said name, with perpetual succession and a common seal, with the power, subject to the provisions of this Act, to acquire, hold, and dispose of property, both movable and immovable, and to contract, and shall sue or be sued by the said name. The Authority’s headquarters shall be located at such location as may be prescribed. The Authority may establish offices in other parts of India with the prior approval of the Central Government. The Authority shall be chaired by a Chairperson and shall have a maximum of six full-time members, one of whom shall be a person qualified and experienced in law. The Central Government shall appoint the Authority’s Chairperson and Members on the recommendation of a selection committee comprised of the following:
the Cabinet Secretary, who shall chair the selection committee;
the Secretary to the Government of India in the Ministry or Department responsible for Legal Affairs; and
the Secretary to the Government of India in the Ministry or Department responsible for Electronics and Information Technology.
- The Selection Committee shall follow such procedures as may be provided in suggesting names under sub-section (2). The Authority’s Chairperson and Members shall be individuals of ability, integrity, and standing, with a minimum of ten years of experience in the fields of data protection, information technology, data management, data science, data security, cyber and internet laws, public administration, national security, or related subjects.
What Is Right To Privacy?
According to Article 21 of the Indian Constitution, “No individual shall be deprived of his life or personal liberty unless in accordance with the method established by law.” After reading Article 21, it has been determined that the term ‘life’ encompasses all those parts of life that contribute to the significance, completion, and worthiness of a man’s life.
As with everything mankind has ever accomplished, there were both positive and negative aspects. Because technology has infiltrated every aspect of our life, whether intentionally or unintentionally, we cannot be certain that what we say has been heard by a third party as well, whether intentionally or unintentionally. Even walls have ears, as the ancient Hindi proverb states, has never rung truer. Today’s world may operate on the basis that whatever you do, the world will learn about it before you realize it; just ask a certain Tiger Woods. An intriguing development in Indian constitutional law is the Supreme Court’s extension of the scope of Article 21 in the post-Maneka age. According to the Supreme Court, Article 21 is the heart of the Fundamental Rights. Article 21 has demonstrated its multifaceted nature. The expansion of the parameters of Article 21 was made feasible by giving the terms ‘life’ and ‘liberty’ in Article 21 a broader connotation. These two words in Article 21 should not be taken literally. These are organic phrases that should be construed in a meaningful manner.
The Supreme Court has declared that it is not required for a right to be clearly stated in the constitution as a fundamental right in order for it to be treated as a fundamental right. Changes in the country’s political, social, and economic landscape necessitate the recognition of new rights. The law, in its everlasting youth, evolves to satisfy societal demands.
The right to privacy is one such right that was created as a result of expanding the scope of Article 21. The constitution, in particular, makes no reference to a right to privacy. However, the Supreme Court derived this right from Article 21 and numerous other parts of the constitution when read in conjunction with the Directive Principles of State Policy. In this paper, we will address a new facet of Article 21, namely the Right to Privacy, as well as the conflicts that arise as a result of it.
What Is Personal Data Protection Act 2019?
- Mr. Ravi Shankar Prasad, Minister of Electronics and Information Technology, presented the Personal Data Protection Bill, 2019 in the Lok Sabha on December 11, 2019. The bill aims to ensure that the personal data of persons are protected, and it establishes a Data Protection Authority to do so.
(i) The Bill regulates the processing of personal data by I the government,
(ii) Indian corporations, and
(iii) foreign firms dealing with the personal data of Indian citizens. Personal data is information about an individual’s qualities, features, or attributes of identification that may be used to identify them. Certain personal data is classified as sensitive personal data under the bill. Financial data, biometric data, caste, religion or political opinions, or any other category of data established by the government in collaboration with the Authority and the relevant sectoral regulator are all examples of this.
- Obligations of a data fiduciary: A data fiduciary is an entity or person who chooses how and why personal data is processed. Certain constraints on purpose, collection, and storage will apply to such processing.
(i) Personal data, for example, can only be handled for particular, unambiguous, and legitimate purposes. Furthermore, all data fiduciaries must take specific transparency and accountability steps, including adopting security protections (such as data encryption and avoiding data abuse), and
(ii) Establishing grievance redressal systems to handle individual concerns. When processing sensitive personal data of minors, they must additionally have measures for age verification and parental permission.
- Individual Rights: The Bill establishes some individual rights (or data principal). These rights include the ability to:
(i) I obtain confirmation from the fiduciary that their personal data has been processed,
(ii) request correction of inaccurate, incomplete, or out-of-date personal data,
(iii) have personal data transferred to any other data fiduciary in certain circumstances, and
(iv) limit the continued disclosure of their personal data by a fiduciary if it is no longer necessary or consent has been withdrawn.
Government’s Role On Personal Data Protection Act
India is the most recent country to announce plans to enact its own data privacy legislation. The proposed Personal Data Protection Bill (PDPB) aims to replace India’s present data protection rules in a comprehensive manner.
The previous regulating law, the Information Technology Act of 2000 (IT Act), hasn’t been able to keep up with the rapid improvements in technology. Cybercriminals have been continuously developing new ways to access sensitive personal information in India, which has recently seen a tremendous spike in cyberattacks. To make matters worse, the pandemic has accelerated the digital ecosystem by years, and remote labor has increased hackers’ attack surface. Organizations are left wondering how they can manage this ever-changing privacy landscape while regulatory agencies scramble to catch up.
- Changing the regulatory landscape across the country
- Recent high-profile hacks have had a significant impact on the country’s regulatory landscape. The PDPB thus arrives at a critical juncture in the country’s digital transformation.
- It would be India’s first law completely dedicated to data privacy and security. It includes the following topics:
- Notice and prior consent requirements for the use of personal data.
- There are constraints on the types of data that can be collected or processed, as well as requirements to guarantee that just the data needed to provide a service is gathered.
- Requirements for data localization demand the hiring of data protection officers inside organizations.
- To secure and govern the use of people’s personal data, a separate authority named the Data Protection Authority of India (DPA) was established.
- After numerous parties, including social media companies, privacy experts, and even ministers, objected to some of the elements in the draught, it is presently being considered by a joint committee of parliament. While it is possible that the law may take some time to pass and fully execute, businesses would be wise to plan beforehand.
Importance And Approval Of Personal Data Protection Bill
The Joint Parliamentary Committee’s (JPC) ratification of the Personal Digital Protection Bill, 2019, is a crucial step toward converting India into a robust and resilient data economy. Two years ago, the document was referred to the JPC for review and recommendation. Throughout this time period, the JPC received input from a variety of experts, academic institutions, and research institutes, which is considered. Its proposals will now be presented to Parliament for approval during the current winter session. The Personal Data Protection Bill, 2019, not only codifies the fundamental right to privacy, but also establishes a legal framework and specifies the duties of data fiduciaries, processors, and independent directors.
The passed data protection measure is crucial on five fronts. To begin, while respecting privacy, the Bill maintains a focus on national interests, which is necessary for light of the rapidly changing dangerous landscape in cyberspace. The exemption clause enables the government to process data for the purpose of ensuring the nation’s sovereignty and integrity. Numerous nations, from Europe to the United States, the United Kingdom, and Australia, have added such a clause. The reasons cannot be published in Parliament due to national security concerns, as some members have urged. However, successive governments understand the rationale for data use. While Acts are introduced in legislatures worldwide, actual orders remain with the government, as national security dangers cannot always be divulged. Section 35 exempts any agency under the Union government from all or any of the law’s obligations on the grounds of “public order,” “sovereignty,” “friendly relations with other governments,” and “state security.” This is comparable to the United Kingdom and other countries.
Second, there is the problem of the data subject’s consent to the processing of his or her data by government authorities. While it states that government agencies may get consent, there are times when this is not possible. Sections 12, 13, and 14 define these terms. The Chairman of the JPC, PP Chaudhary, indicated in an interview that it would be impracticable to seek consent from consumers each time benefits are distributed under Kisan Samman Nidhi or PDS. Additionally, a sizable portion of our population is illiterate and thus incapable of granting permission prudently.
Thirdly, a long-overdue option has been provided to expedite the Standardisation Testing and Quality Certification processes (STQC). This is to ensure that software and hardware are of the highest possible quality and reliability. This is critical when adversaries implant covert backdoors into them, allowing remote access to application resources such as databases and file servers. There are numerous sorts of backdoors, and attackers are continually developing new ones. While various governments incorporate backdoors into their hardware or software, China has garnered prominence in this regard.
Fourth, the obligations of social media platform administrators are defined. Clear guidelines have been provided for social media networks to ensure compliance with the rules, or face a penalty. The Act’s penalties would reflect the Act’s maximums, and the government might impose lower fines. This is to ensure that the adjudicating body issues fines that are within the prescribed range. The administration is anticipated to finalize details regarding the penalties that will be levied on social media platforms that violate the guidelines.
Conclusion
- The Personal Data Protection Bill of 2019 is motivated by the need to safeguard personal information. The measure divides personal data into three categories, allowing data fiduciaries to be held more accountable when it comes to data processing. The development of a regulatory sandbox will be extremely beneficial to technology-driven firms in their early stages since it would free them from the bill’s complicated procedures and compliance requirements. When passed, the law would have a significant influence on Indian enterprises and multinational corporations (MNCs), since they will be required to guarantee that their data processing complies with the bill’s standards.
Top 13 Facts About Right To Privacy And Personal Data Protection Act
Individuals have the right to privacy and control over their personal data.
Procedures for managing, processing, collecting, and distributing personal data in an appropriate manner Data protection rules are followed.
With the adoption of the General Data Protection Regulation, the necessity for data privacy has grown even more.
Although not the first privacy regulation, the GDPR was the most comprehensive and ground-breaking data protection law that mirrored the new digital world.
People have a right to privacy and control over their personal information.
Procedures for appropriately maintaining, processing, acquiring, and disseminating personal data protection requirements are followed.
Arguments and controversies in the internet world have an influence on the physical world or the real world, and their repercussions may occasionally have a significant impact on personal life.
Some people are unconcerned with their internet privacy, while others like the opportunity to flaunt their personal lives to the world. On all social media sites, you can quickly locate a large number of public profiles.
It is commonly assumed that one may participate in the internet world as an anonymous individual, entirely concealing his or her true name and social standing.
It is past time for government institutions to step in and implement clear cybersecurity laws and regulations.
According to North Eastern University, smart speakers accidentally activate up to 19 times a day, recording up to 43 seconds – adding up to 14 minutes every day.
A data breach is when a company’s cyber security is compromised without authorization, putting the data of their customers in the wrong hands.
Did you realize that certain businesses make staff listen to the recordings made by your voice assistant? These recordings are used to teach their technology more about you, such as how to better identify your voice, present targeted adverts, and respond correctly to your requests.
