In a groundbreaking move, Prime Minister Narendra Modi’s government introduced the “Digital Personal Data Protection Bill” in Parliament, marking a significant stride towards safeguarding citizens’ online privacy rights. It comes in light of the rising concerns over unauthorized data collection by various platforms, known technically as ‘data fiduciaries,’ which offer digital services to the Indian public.
In 2017, the Supreme Court ruled the right to privacy as fundamental after many perceived the UPA government’s neglectful approach to citizens’ data. Following this ruling, the Modi government undertook the responsibility to devise legislation that would prioritize the rights of Indian digital citizens while also promoting a healthy digital ecosystem for startups and innovation.
An earlier attempt to draft a data protection bill between 2019-2021 was seen as overly complicated and potentially burdensome for emerging digital businesses. Responding to these concerns, the present bill has been refined to provide clarity and simplicity, ensuring protection for citizens and fostering a compliance-friendly environment for the digital economy.
The bill’s principles revolve around the following:
1. Consent-Based Data Collection: Organizations can only gather data with the user’s consent.
2. Purpose and Storage Limitations: Data must only be used for its intended purpose and shouldn’t be stored beyond its required duration.
3. Data Minimization: Only essential service or product delivery data should be collected.
4. Data Protection and Accountability: Fiduciaries must ensure data security. Breaches could lead to hefty penalties.
5. Accuracy in Data Storage: Platforms must maintain the integrity and accuracy of collected data.
6. Mandatory Breach Reporting: Companies are legally bound to report any personal data breaches.
Furthermore, the bill clearly defines situations under which the government can access citizens’ personal data, ensuring transparency while considering national emergencies and security challenges.
Violations will be overseen by the Data Protection Board, which has the authority to impose penalties up to Rs 250 crore or even higher, depending on the nature of the breach.
Acknowledging the dynamic nature of technology, the bill is designed to evolve, accommodating changes and challenges that arise in the digital domain. This comprehensive legislation is a testament to the government’s commitment to fostering a safe and innovative digital space for all Indians.
However, the bill’s journey to approval was fraught with controversy. Central to the debates was whether the legislation should undergo further amendments or be referred to a Select Committee. One staunch supporter argued against further committee referrals, pointing to the extensive pre-existing consultations. Their primary concern was the risk of exacerbating delays, which could enable the continuous misuse of personal data by multiple platforms.
The opposition’s hesitance to participate in a meaningful discussion on the bill has baffled many. A leading voice from the government side remarked, “This bill is too crucial for political shadow plays. We are open to suggestions and constructive feedback.”
Amongst circulating rumors were whispers of the legislation being introduced as a money bill. These were promptly quashed. A government spokesperson clarified, “The priority is to facilitate an open debate, allowing all concerns to be aired, leading to an informed, collective decision.”
With the bill now passed, expectations are high. The collective hope is for the legislation to serve as a robust framework, effectively protecting individual rights while bolstering the government’s digital security efforts. Further updates on this will follow.
Disclaimer: The opinions expressed within this article are the personal opinions of the author. The facts and opinions appearing in the article do not reflect the views of AFTERNOON VOICE and AFTERNOON VOICE does not assume any responsibility or liability for the same.