What Is The Fuss About Personal Data Protection Bill That Grants Wide-Ranging Powers To The Centre?

Image Credit: Unsplash

What Is The Fuss About Personal Data Protection Bill That Grants Wide-Ranging Powers To The Centre?

The Joint Parliamentary Committee adopted the draft of the Personal Data Protection Bill in 2019 after much deliberations and debates for the two preceding years. However, the Opposition alleges that it is designed to cater to the benefit of the Centre.

If there is one thing that everyone wants to protect in today's era, it is data. Everyone felt the importance of making their space on the digital platform. People worldwide now talk about transferring data in a blink of an eye. Therefore, India needed to step into the digital space and try to regulate it. In 2019, the Joint Parliamentary Committee (JPC) adopted the Personal Data Protection Bill draft after two years of debates and deliberations. The wait was for the draft to be presented before the Speaker of Lok Sabha in the upcoming winter session of the Parliament.

What Is The Bill About?

Former Minister of Electronics and Information Ravi Shankar Prasad introduced the Bill in 2019 intending to regularize data collection and storage procedures in the country. Therefore, the Bill made necessary regulations for the protection of individual's data. The PDP Bill had set up three categories for the data, namely personal data, sensitive personal data and critical personal data. All three types have different requirements and obligations.

Personal data is an umbrella term that comprises sensitive personal data, which can be defined as financial, health, sexual orientation, biometric, genetic, transgender status, caste and religious belief. Moreover, all the Indian and foreign companies that deal with data from Indians would have to comply with the new guidelines. Any critical, like national or military data, falls under the subset of critical personal data.

The Bill gives every individual the right to protect their data, which also includes seeking confirmation from the companies' side about whether their data has been processed or not. Moreover, the individuals are entitled to make changes to their data for correction or updating purposes. The Bill also sought setting up a Data Protection Committee that would act as a regulatory body to ensure compliance to the Bill. The Body would work to protect the misuse of data and act as a tribunal in matters concerning the Bill.

How Did The Opposition React?

The Centre had also thought of a punishment for the offenders who attempt data breaches. The Bill mentioned penalties worth ₹15 crores, or 4 per cent of the fiduciary's annual turnover, or a fine of ₹ 5 crore and 2 per cent of the yearly turnover. However, despite the regulations mentioned above, the Opposition showcases significant disagreement with the Personal Data Protection Bill and alleges that it provides far-reaching powers to the central government. As many as seven Members of Parliament (MP) from Congress, Trinamool Congress (TMC) and the Biju Janata Dal (BJD) gave their dissent notes after the Joint Parliamentary Committee adopted the report on the Bill.

Congress MPs Jairam Ramesh and Manish Tewari added their dissent notes to the report in Opposition of the wide-ranging powers that the Centre grants itself in the Bill, under the public interest clause. They mentioned that Section 35 gave unbridled powers to the Centre to exempt any government agency from compliance. Moreover, they added they had proposed a parliamentary sanction before exempting government agencies.

Another Party member named Gaurav Gogoi dissented the Bill and flagged his concerns over the lack of attention to the harms arising from surveillance and lack of parliamentary oversight.

How Is Data Managed?

In the current scenario, everything that an individual does, from online transactions to digital payments, is data. They are stored in such a manner that the computer reads them. The individual whose data is being held is called the data principal in the Bill. Not only is this a magnanimous source of data regarding a person's payment details and personal preferences, and essential source of income, but it could potentially be used to invade the privacy of individuals that could reveal personal aspects. Several companies, governments or political organizations could use these unique aspects of one's personal information for advertising their plan to the public in a customized fashion to grab their attention.

Why Was It Contentious?

The main point of contention is the leverage allowed to Central agencies to process data of individuals without their consent for 'reasonable purposes' like the nation's security, prevention and detection of any unlawful activity or fraud, whistleblowing, medical emergencies and so on. The information could practically turn the face of the future's economy, and law enforcement would depend on data regulation. Digital data is similar to a set of documents stored in a cabinet; the only difference is that they are non-tangible. One could access that data beyond borders, in the oceans and over mountain tops. However, for data to be beneficial to big organizations and governments, it must be processed by the computers in prior.

Data fiduciaries collect and handle an individual's data. While the fiduciary has control over how and why the data is processed, the processor might be a third party. As data moves from one entity to another, it is imperative to delineate the responsibility. For instance, social media mega-giant Facebook (now Meta) fell into controversy with Cambridge Analytica.

How Have Foreign Entities Reacted To This Proposition?

Technology giants, especially those with strong ties in the United States, have reacted with a heavy backlash towards the PDP Bill of 2019. Several groups in society have severely criticized the Bill and have voiced their opinions against the Centre's open-ended reservations that allow 'surveillance'. Some lawyers have contradicted the government's stance on data localization and have said that the government cannot achieve security purposes by data localization. They said that even if data was stored in India, the encryption keys to access it could not be at the government's perusal.

The sentiment of data protection for domestic security could hamper the values of a globalized and competitive marketplace, where cost and speed are the only determinants of the information flows and not nationalistic borders. India is home to hundreds of start-ups aiming for global growth and rigid data protection policies to ground their flights into the international market.

Also Read: Broadcasting Authority Pulls Up Zee News, Times Now For Violating Ethics Code, Directs To Take Down Videos

Contributors Suggest Correction
Editor : Ankita Singh
Creatives : Ratika Rana

Must Reads