0.1933
7667766266
x
x
  1. Home
  2. DRAFT DATA PROTECTION BILL

Draft Data Protection Bill

iasparliament Logo
July 28, 2018

What is the issue?

  • Justice B.N. Srikrishna-headed expert panel has submitted its draft personal data protection Bill 2018.
  • It has asked for critical personal data of Indian citizens be processed in centres located within the country.

What does the draft law state?

  • The draft bill by the Srikrishna committee has come after a year-long consultation process that studied aspects of the data protection regime.
  • The draft bill seeks to classify personal data of citizens into two categories namely critical and non-critical depending on its significance.
  • Further, it seeks to mandate the processing and storage of data classified as critical within the Indian borders.
  • It also proposes to allow non-critical data to be transferred outside India with some safeguards, although a copy of the same has to be retained locally.
  • Significantly, it has left the aspect of what data gets classified as critical to the discretion of the union government.

What are the implications of the bill?

  • The draft Bill, will apply to all processors of personal data within India.
  • For data processors not present in India, the act will apply to those carrying on business in India or other personal data gathering activities such as profiling.
  • Penalty - The draft also provides for penalties for violations and compensation to data subjects if their right to privacy is impinged.  
  • It has suggested a penalty of Rs.15 crore or 4% of the total worldwide turnover of any data collection/processing entity, for violating provisions.
  • Further, failure to take prompt action on a data security breach can attract up to Rs.5 crore or 2% of turnover as a penalty.
  • Permission - The bill seeks make the consent principle vital for aggregation of personal data, which needs to be given in advance.
  • Further, it stresses the need for explicit consent for processing “sensitive personal data”, which should be sought specifically.
  • The committee has also contemplated the implementation of the provisions in the bill in a structured manner and has ruled out retrospective application. 

What are the other important metrics concerning the draft bill?

  • The bill hasn’t commented on “Aadhaar” and allied privacy issues, as the issue is sub judice and is likely to be taken up soon in the Supreme Court.
  • Further, the committee hasn’t considered data as property and it has termed the relationship between aggregator and the consumer as one based trust.
  • The draft bill has recommended the setting up of a “Data Protection Authority” and “Appellate Tribunal” to prevent misuse of personal information.
  • On right to be forgotten, the draft states data subjects will have the right to restrict or prevent disclosure of personal data by a data processor.

 

Source: The Hindu
Login or Register to Post Comments
There are no reviews yet. Be the first one to review.