Navigating the Future: Analyzing the Proposed Data Protection Bill Draft and Its Implications
The Central Cabinet approved the Digital Personal Data Protection Bill (“The Bill”) on July 5, 2023, after the government multiple attempts to bring it into existence. It aims to birth legislation that holistically governs individuals digital data that the state and data fiduciaries use for different purposes. The government had to establish a law that would protect the personal data of citizens from unauthorized use by state and non-state entities. The government addressed this requirement by creating a committee and drafting the protection of data Bill.
Applicability
The Bill section 4(1) states that it applies to all transactions that are related to digitized personal data in India. It has two scenarios:
(i) When the data is collected online and
(ii) When the data is collected offline and subsequently digitized.
Section 4(2) of the Bill covers the processing of information related to the provision of goods and services in India that require data collection of individuals. The interpretation of personal data is any information that helps in identifying an individual. The Bill defines Processing as automated operations or a series of actions performed on digital personal data, encompassing activities such as collection, storage, usage, and sharing.?
Section 4(3)(a) of the Bill does not encompass the non-automated processing of personal information. It essentially means that a digital document or record that has personal information on which it is possible to automate data processing falls outside the Bill scope.
领英推荐
Challenges
While the legislation objective is to safeguard private data and hold data fiduciaries accountable, there might be some concerns revolving around it in future.?
A pressing issue will be the accountability and independence of the Data Protection Board.
The members will be appointed by the government which will raise doubts regarding their impartiality in data protection. It could lead to decreased public confidence and trust in the data protection framework.
Another issue will be the absence of deadlines for various actions. For example, no regulation suggests a timeline for deleting collected data if the owner of the data wants to withdraw their consent.
The third issue can be that the compliance regime of the proposed Bill can pose challenges for non-profit organizations, startups, and SMEs. They might lack the expertise and resources to address the various requirements. Compliance can become a very difficult task which would require diversion of resources and valuable time from the business core activities.
Conclusion
The Union Cabinet approval of the Bill is a huge step towards personal data safety in India.
However, just like any other legislation, there can be some shortcomings acting as roadblocks as well. The board independence, established clear timelines, and keeping the needs of small organizations in mind will lead to striking a balance that could support economic growth.