Examining India's Digital Personal Data Protection Bill, 2022: Overcoming Socio-Economic Obstacles

In contemporary times, it can be recognized, as well as research shows, that there has been a boost in the use of the Internet. The use of the internet, albeit contributing to the development of the economy, has also led to many instances such as data breaches, cybercrimes, etc., being seen.

In India, there are more than 800 million Internet users according to the Ministry of Electronics and Information Technology, and over 313,000 cybersecurity incidents were reported solely in the year 2019. At this point, it was high time for a country like India to improve its existing data privacy provisions with some amendments so that the new problems that are surging could be eradicated. Therefore, the Government of India came up with the Digital Personal Data Protection Bill, 2022 (hereinafter called the "2022 Bill"), repealing the old bill for data protection, i.e., the Personal Data Protection Bill, 2019 (hereinafter called the "2019 Bill"). This article will focus on explaining the different aspects of the 2022 Bill and the impediments regarding its implementation.

The Evolution of Data Protection through Different Instances in India

In the year 2017, the court of law held that the right to privacy is a Fundamental Right and that it is an intrinsic part of life and liberty under Article 21 in the case of Justice K.S. Puttaswamy v. Union of India. Further, in the same year, the government also established a committee known as the B.N. Srikrishna Committee. The committee consists of experts who were appointed for data protection. The committee submitted its report in July 2018 along with the draft of the data protection bill. This led to the further enactment of different bills regarding the protection of personal data and eventually led to the foundational pillar of the 2019 Bill.

The Veracity of Digital Personal Data Protection Bill, 2022, due to which Bill 2019 was repealed

The need for the introduction of the new bill for data protection when there was already the 2019 Bill, and how the last bill can be repealed from the new bill, could be justified. The reason depends on various factors, and one of the chief reasons for the same is that the last bill was very wide in application, and effective implementation was not taking place, whereas in the case of the 2022 Bill, this problem was taken into consideration.

• Applicability – Section 46 specifies that the extent of applicability of this bill is only to those data which are in an online form or the applicability could be further extended to the data which are offline but can be converted to an online form. However, the 2019 Bill was having slightly wider applicability, and Section 27 of the bill specifies that this bill applies to the data which are collected online or offline both. Therefore, we can observe that the new bill focuses on a smaller area, and since applicability is towards a lesser area, effective implementation could be possible.
• Lawful basis for processing – Under the 2022 Bill, it was specified that the processing of data can only take place if the Data Principal has given consent. On the other hand, it could be inferred from Chapter III of the 2019 Bill which specifies that the processing of data can take place even if there is no consent. Consent plays a major role if someone is dealing with the use of personal data, and the 2022 Bill adheres to this principle.
• Penalties - The penalties under the new bill have been hardened to ensure that there must not be a breach of data. The range for the penalties begins from INR 10,000 (for non-compliance with the duties of a data principal), and the different nature of the case specifies different penalties. However, it is to be noted that Schedule 1 of the bill jots the provision that, as per Section 25(1), the maximum fine cannot be more than 500 crores. The increase in penalties in the new bill contributes towards the protection of data breaches.

Impediments to the Implementation of the 2022 Bill

The enactment of the bill was a great initiative taken by the government for the protection of personal data, as these data are of paramount importance in an individual's life, and the breach of the same can cause widespread inconvenience to the people. However, the enactment of the bill cannot solely solve the problem, and the implementation of the bill is the need for society, which often comes with many challenges.

• Technological Challenges – Technology is evolving rapidly, but at the same time, in India, many locations are there where people and some institutions, including government organizations, are completely deprived of technology. Even if some organization has access to the technology, network problems are often seen. In India, over 25,000 villages still do not have mobile or internet connectivity. In this scenario, the digital protection of data is very difficult, and the people of those localities might have to face inconvenience.
• International Cooperation – The bill, however, focuses on the protection of data of Indian citizens, but at the same time, migration and traveling of people in foreign countries are common. So, under these circumstances, coordination and cooperation among international organizations are necessary. Therefore, harmonizing cross-border cooperation can be complex, especially in the absence of global consensus.
• Public Awareness and Education - Since the bill deals with digital use and aid, many people in the country are still not aware of the digital protection of data. Spreading awareness and education among them about data protection requires an extensive outreach campaign and collaboration with educational institutes, which is yet another impediment to the implementation of the bill.
• Balancing innovation and regulation – The institutions and organizations that were working earlier in the offline mode on the matter of protecting personal data suddenly found it very difficult to shift and adapt to the new technology, which is yet another challenge.

Key Features Enshrined under the Bill which are of Paramount Importance

There are many challenges regarding the implementation of the bill, but at the same time, when we look into the provisions and infer the meaning at that time, this bill comes with many key characteristics. These include that the use of data by an organization must take place in a lawful, fair, and transparent way. The data which is being collected must be used for the purpose for which it is being taken. The data must not be stored perpetually by default. Further, there must be reasonable safeguards to ensure that there must not be unauthorized use of the data. The bill also mentions that the person to whom the data is being furnished must be accountable to sold such data for further processing.

All these features of the Bill are of epochal importance, which eventually contributes towards the economy of the country as data breaches often result in the monetary loss of the people.

Conclusion

From the above discussion, we can conclude that the 2022 Bill can be regarded as a welcome step from the government's side. However, the above-mentioned impediments are required to be inculcated in the bill, and the solution for the same must be given by the government on an urgent basis. Apart from that, this bill is a great initiative taken for the digital protection of personal data.

Moreover, the 2022 Bill is a necessary step as the number of internet users is escalating at a rapid rate, and the time is very near when the entire country would be digitalized; hence the digital protection of data is very crucial. The government is, however, required to come up with a Bill that should be precise and must be in the best interest of the common man along with the problems associated with the implementation of the Bill.

References:

1. India has more than 800 million internet users, says Rajeev Chandrasekha, The Indian Express (June, 18, 2023) https://indianexpress.com/article/technology/tech-news-technology/india-has-more-than-800-million-broadband-users-says-rajeev-chandrasekhar/
2. Soumik Ghosh, The biggest data breaches in India, CSO Online (June, 19, 2023), https://www.csoonline.com/article/3541148/the-biggest-data-breaches-in-india.html
3. INDIA CONST. art. 12 – 35?
4. Justice K.S. Puttaswamy (Retd) vs. Union of India, W.P. (Civil) No 494 of 2012, Supreme Court of India
5. Digital Personal Data Protection Bill
6. Personal Data Protection Bill, 2019
7. The Indian Contract Act, 1872, Act No. 9 of 1872
8. Rahul Shrivastava, Over 25000 villages in India still lack internet connectivity, Lok Sabha told, INDIA TODAY(June, 21, 2023), https://www.indiatoday.in/technology/news/story/over-25000-villages-in-india-still-lack-internet-connectivity-lok-sabha-told-1780758-2021-03-18

This article presents the insights of Prashant Prasad , currently pursuing his B.A.LL.B.(Hons.) at University Law College. The author's perspectives and opinions are entirely based on their personal viewpoint.