FOCUS ON A COMPREHENSIVE DATA PROTECTION LAWS

 

Latest Context

The massive collecting and processing of personal data has become essential to the survival of communication and commerce in the digital era. However, serious worries about the safety of personal data have been expressed due to the potential for exploitation and abuse of digital technology. An efficient data protection system is demonstrated by the General Data Protection Regulation (GDPR) of the European Union.

• Through initiatives like the Digital Personal Data Protection Bill and the Information Technology Act (IT Act) of 2000, India has also been working to improve its data governance. India also intends to replace the IT Act, 2000 with the Digital India Act.

What rules and guidelines apply globally for data governance?

General Data Protection Regulations (GDPR) of European Union (EU):

• The General Data Protection Regulation aims to create a thorough data protection framework for handling personal data.
• In the EU, the right to privacy is recognised as a fundamental right that aims to safeguard a person's self-respect and control over the data they produce.
• Organisations all across the world are making compliance with the GDPR a priority because of the penalties imposed. Significant fines have been imposed on well-known corporations including Google, WhatsApp, British Airways, and Marriott.
• Furthermore, the GDPR's stringent guidelines for data transfers to foreign countries have significantly impacted data protection systems outside of the EU.

Data Governance in US:

• The use, acquisition, and disclosure of data are not covered by a comprehensive set of privacy rights or principles in the US like the GDPR in the EU.
• Rather, there is just a little industry-specific regulation. The public and commercial sectors take diverse approaches to data protection.
• Wide-ranging laws like the Privacy Act, the Electronic Communications Privacy Act, etc., clearly identify and address the government's functions and authority with regard to personal information.
• There are several standards that are unique to the private sector.

Data Governance in China:

• The Personal Information Protection Law (PIPL), which went into effect in November 2021, is one of the new data privacy and security legislation established in China during the previous two years.
• In an effort to stop the exploitation of personal data, it grants additional powers to Chinese data principals.
• Business data must be categorised by priority levels under the Data Security Law (DSL), which went into effect in September 2021 and imposes additional limitations on cross-border transfers.

Provisions Related to Data Governance in India

IT Amendment Act,2008:

• Existing Privacy Protections The IT (Amendment) Act, 2008 in India has some privacy measures in place.
• However, the majority of these regulations are situation-specific, such as limitations on media publications of minors' identities and rape victims' names.

Justice K. S. Puttaswamy (Retd) vs Union of India 2017:

• Justice K. S. Puttaswamy (Retd) v. Union of India, decided by a nine-judge Supreme Court panel in August 2017, established India's basic right to privacy as an integral component of life and liberty under Article 21.

B.N. Srikrishna Committee 2017:

• In August 2017, the government established an expert committee for data protection, which was headed by Justice B N Srikrishna. The group's report and a draft data protection bill were both presented in July 2018.
• The report makes several proposals for strengthening India's privacy laws, including those for a Data Protection Authority, the right to be forgotten, data localization, and limitations on data processing and gathering.
• Digital media ethics code and information technology intermediary guidelines rules 2021:
• Social media sites are required by IT Rules (2021) to take greater care with the content they host.

Digital Personal Data Protection Bill:

• The Bill would be applicable to the handling of digital personal data processed in India, whether the data is obtained online or offline and then converted to digital form. If the processing is being done to sell products or services or create profiles of people in India, it will also apply to processing done outside of India.
• Only legitimate uses of personal data may be carried out with the agreement of the data subject. In some circumstances, consent may be assumed.
• Data fiduciaries will be required to keep data accurate, safe, and deleted when its purpose has been served.
• A "data fiduciary" is a person who chooses the reason for and the method for processing a person's personal data, either independently or in collaboration with other people.
• The Bill provides individuals with a number of rights, including the ability to request information, seek rectification and erasure, and file a grievance.
• For specific reasons, such as state security, public order, and the prevention of crimes, the central government may exclude government agencies from the Bill's restrictions.
• The Data Protection Board of India will be established by the national government to decide cases of non-compliance with the Bill's requirements.

Proposal of ‘Digital India Act’,2023 to replace IT act,2000:

• The IT Act was initially solely intended to safeguard e-commerce transactions and outline cybercrime offences; it did not fully address data privacy rights or cope with the complexity of the contemporary cybersecurity ecosystem.
• The new Digital India Act aims to serve as a catalyst for the Indian economy by encouraging more innovation and entrepreneurs while also safeguarding Indian people' safety, trust, and responsibility.

Challenges with Data Governance in India

Insufficient Awareness:

• The lack of awareness among individuals and organisations of the necessity of data security and the possible repercussions associated with data breaches is one of the main challenges to maintaining data protection in India. As a result, people could find it difficult to take the essential safeguards to protect their personal information.

Weak Enforcement Mechanisms:

• There are insufficient effective enforcement tools in India's current legislative framework for data protection. Due to this flaw, it is challenging to hold companies responsible for data breaches and violations of data protection laws.

Lack of Standardization:

• The lack of standardised practises among organisations is a substantial barrier to the implementation and enforcement of data protection rules in India. When seeking to build and follow consistent data protection practises, difficulties arise due to the lack of standardisation in data protection policies.

Inadequate Safeguards for Sensitive Data:

• Sensitive data, including biometric and health data, are not adequately protected under India's present data protection framework. The lack of proper protection measures becomes an issue when organisations gather certain sorts of data more often.

Way Forward

• Administration as a Model The government must set an example by putting data protection first given its substantial position as a fiduciary and processor of personal information.
• To achieve efficient governance, it is essential to create a data protection board that is independent, strong, and subject to judicial or legislative supervision.
• Innovation and regulation must be balanced. While tight laws are required to protect personal information, overly prescriptive and restrictive standards risk stifling innovation and obstructing cross-border data flows. To successfully secure personal data while fostering innovation, the proper balance must be struck.

Prelims

Q1. ‘Right to Privacy’ is protected under which Article of the Constitution of India? (2021)

(a) Article 15

(b) Article 19

(c) Article 21

(d) Article 29

Ans: (c)

Q2. Right to Privacy is protected as an intrinsic part of Right to Life and Personal Liberty. Which of the following in the Constitution of India correctly and appropriately imply the above statement? (2018)

(a) Article 14 and the provisions under the 42nd Amendment to the Constitution.

(b) Article 17 and the Directive Principles of State Policy in Part IV.

(c) Article 21 and the freedoms guaranteed in Part III.

(d) Article 24 and the provisions under the 44th Amendment to the Constitution.

Ans: (c)

Mains

Q.1 Examine the scope of Fundamental Rights in the light of the latest judgement of the Supreme Court on Right to Privacy. (2017)

 

 

Must Check: Best IAS Coaching Centre In Delhi