All you need to know about the Personal Data Protection
Bill, 2018
With the advancement of technology and the revolutionary
increase in the use of, and dependence on, the internet, we
create and share a lot of data, including personal
information, through mobile applications and websites. Much
of this data is also stored on hard disks, in the cloud, in
databases, on memory disks, on the internet, on computers,
etc., and it continues to grow at limitless rates, leading
some sensitive information to enter the "Public Domain".
Once data enters the public domain, it is subject to various
threats, such as hackers, software threats, misuse or
misrepresentation of information, data breaches, and leaks,
creating a need for data protection.
What is Data Protection?
The term Data Protection means legal control over access to
and use of stored data. In other words, it refers to a
series of continuous and repetitive processes, sound
policies, and privacy laws to reduce intrusion into one's
privacy.
Data Protection in India
Up until now, privacy laws in India have offered little
protection against the misuse of one's personal information.
The transfer of personal data is currently governed by the
Sensitive Personal Data and Information Rules, 2011, which
have proven to be inadequate. With concerns mounting
worldwide, in the face of various scandals, about the
protection and legal regulation of an individual's personal
data, the need for similar legislation is of the greatest
importance in India, where data-driven services and
transactions in the digital economy are ever increasing but
the personal data of Indian nationals apparently sees very
little protection.
Recently, Facebook admitted that the data of 87 million
users, including 5 lakh Indian users, was shared with
Cambridge Analytica, a British political consulting firm
that combined data mining, data brokerage, and data analysis
with strategic communication during the electoral processes.
The very thought of personal data being used for unknown
intentions sent ripples across the world. In furtherance of
this, the European Union, in order to protect the personal
data of individuals, enacted the General Data Protection
Regulation (GDPR), which establishes the right to privacy as
a Fundamental Right. Following the implementation of the
GDPR and taking examples from the legal frameworks of other
countries on the subject, the Personal Data Protection Bill
2018 has been introduced by the Justice B.N. Srikrishna
Committee to prevent the "Personal Data" of individuals from
being misused.
What are the key aspects of the draft bill?
The Personal Data Protection Bill has introduced concepts
that are the essence of data protection, such as:
- Data Fiduciary: The Bill defines every entity (a
state, a company, any juristic entity, or any individual)
which determines the purpose and means of processing
personal data as the "Data Fiduciary".
- Data Processor: Every entity (a state, a company, any
juristic entity, or any individual) which actually
processes personal data on behalf of a data fiduciary is a
"Data Processor".
- Data Principal: It means every entity, including an
individual, a Hindu Undivided Family, a company, a firm, a
state, an association of persons or a body of individuals,
and every artificial juridical person.
The proposed Data Protection Bill states that unless
explicit consent is given, your personal data cannot be
shared or processed, which means that the onus lies on you
to make an informed choice. It also states that any person
processing your personal data is obligated to do so in a
fair and reasonable manner, and that the data shall not be
processed for purposes other than those for which it was
originally intended. It makes the data fiduciary responsible
for complying with the obligations in respect of any
processing undertaken by it or on its behalf.
Grounds for processing personal data under the Bill
The Bill makes consent an essential part of processing data.
No data shall be processed without the consent of the data
principal. However, data may be processed without consent
only on certain grounds specified in the draft bill, such
as:
- If processing is necessary for any function of
Parliament or any State Legislature or for any service or
benefit to the data principal.
- For compliance with any order or judgment of any Court
or Tribunal in India.
- To respond to any medical emergency involving a threat
to life, a severe threat to health, or an outbreak of
disease.
- Recruitment or termination of employment of a data
principal by the data fiduciary.
- Prevention and detection of any unlawful activity,
mergers and acquisitions, credit scoring, recovery of debt,
and whistleblowing.
Grounds for processing sensitive personal data under the
Bill
The term 'Sensitive Personal Data' includes passwords,
financial data, health data, biometric data, genetic data,
and data on caste or tribe or religious and political
beliefs. Sensitive personal data may be processed on the
basis of explicit consent for:
- Any function of Parliament or any State Legislature.
- Any service or benefit to the data principal.
- Compliance with any order or judgment of any Court or
Tribunal in India.
- Responding to any medical emergency involving a threat
to life, a severe threat to health, or an outbreak of
disease.
Rights of Data Principal
Under the Personal Data Protection Bill, the Data Principal
is granted certain rights, such as:
- Right to confirm whether the data fiduciary is
processing or has processed the personal data and access to
the data.
- Right to correction of inaccurate, misleading, or
incomplete personal data.
- Right to data portability.
- Right to be forgotten, i.e., the right to restrict or
prevent continuing disclosure of personal data by a data
fiduciary.
Transfer of personal data outside India
Personal data other than that categorized as sensitive
personal data may be transferred outside the territory of
India under the following conditions:
- The transfer is made subject to standard contractual
clauses or inter-group schemes that have been approved by
the Authority.
- The Central Government has prescribed that transfers
to a particular country or sector within a country are
permissible.
- The Authority approves a particular transfer or set of
transfers as permissible.
- In furtherance of the above, the data principal has
consented to such transfer of personal data.
Exemptions
Processing of personal data in the interests of prevention,
detection, investigation, and prosecution of any offense or
any other contravention of law is permitted, provided it is
authorized by a law made by Parliament and State
Legislature.
The Ministry of Electronics and Information Technology has
announced that before the Draft Bill is passed by the
Parliament, it will undergo intensive parliamentary
consultation. The Ministry solicits comments from the
general public on the Draft Bill in order to ensure that it
is indeed the need of the hour and beneficial to the
interests of individuals. The Draft Bill, when enacted, will
give way to a new data privacy regime, which is based on
trust and an efficient mechanism between the Data Fiduciary
and the Data Principal. The Draft Bill imposes a series of
obligations on the State and makes it accountable for
processing the personal data of an individual, thereby
protecting both the personal data and the constitutionally
guaranteed right to privacy.