PERSONAL DATA PROTECTION BILL AND RIGHT TO PRIVACY- EXPLAINED
Rithun S, III year of B.A.,LL.B.(Hons.) from SASTRA Deemed to be University
Many people, who are accessing the internet, submit their details in social media and other websites. These details are usually stored on servers outside India’s boundaries, which makes the Government worry about it. In Justice K.S.Puttaswamy (Retd.) & Anr vs. Union of India, the Supreme Court of India held that right to privacy to be a fundamental right. In July 2017, the Government of India formed a committee of experts to analyse these issues. The committee was led by retired Supreme Court Justice B.N.Srikrishna. After one year of working on these issues, the committee submitted a draft of the Personal Data Protection (PDP) Bill in July 2018. The Data Protection Bill was introduced in the Lok Sabha on December 11, 2019, by the Minister of Electronics and Information Technology.
Evolution of Personal Data Protection Bill in India
In 2012 a group of experts constituted by the planning commission under the chairmanship of Justice A.P.Shah recommended the enactment of Privacy Act and provided a draft. In 2011 and 2014, the Department of Personnel and Training submitted two different drafts. The data protection in India was being achieved through provisions under various statutes and rules, these are as follows:
1. Constitution of India- Article 21 of the Indian Constitution provides the right to privacy as a fundamental right
2. Information Technology Act- (a) Section 43 A- This provision deals with sensitive personal data or information and also held that the person is liable who wrongfully gain other persons’ data (b) Section 72 A- This provision held that disclosure of any persons’ information without his consent is punishable.
3. Telegraph Act- Section 5 & 24- It regulates the interception of messages by the Central and the State Government of India.
4. Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Rules)- These rules provide for the protection of personal information by imposing certain obligations on the entities that collect information.
5. Right to Information Act- Section 8(1)(j)- information which relates to personal information the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual, is exempted from disclosure.
6. Post Office Act- Section 26- It regulates the interception of postal articles by the Central and the State Government of India
7. Criminal Procedure Code- Section 91- It regulates targeted access to stored content
8. Wireless Telegraphy Act- Section 3- maintenance or operation of wireless communications networke for monitoring, intercepting and surveilling communications is an offence.
Features of the Bill
The bill was introduced for the protection of personal data and aims to set up a Data Protection Authority in the country. The bill regulates the processing of personal data by States, companies incorporated in India, dealing with personal data of individuals in India. The bill requires personal data to be handled by data fiduciaries only if the data principal (i.e. the person to whom the data relates) has given his permission. According to Section 3(28) of the Personal Data Protection Bill, “personal data” means data about or relating to a natural person who is directly or indirectly identifiable, having regard to any characteristic, trait, attribute or any other feature of the identity of such natural person, whether online or offline, or any combination of such features with any other information, and shall include any inference drawn from such data for profiling. So, the identifiability of a natural person is the central idea behind determining what personal data is.
This bill will improve data handling and data privacy in a way that is similar to the European Union’s GDPR[i]. This bill allows consumers to transfer their data, including any inferences made by businesses based on such data to other businesses. This bill also provides the right to the consumers to access, correct and erase their data. This bill gives enormous powers to the Central Government to exempt any agency of Government from the application of the Act[ii]. Under Section 91 of this bill, the Government can access any personal data anonymised or non-personal data from the data fiduciaries and processors.
The Personal Data Protection Bill is a milestone to protect the personal data of a person. Though this bill has many advantages, it also has some defects. The major defect of this bill is making it mandatory for businesses to exchange non-personal data. It was suggested that the defect should be rectified.
[i] General Data Protection Regulation – Regulation (EU) 2016/679 of the European Parliament and the on data protection and privacy in the European Union and the European Economic Area.
[ii] Chapter VIII of the Personal Data Protection Bill provides exemptions.