From UPSC perspective, the following things are important :
Prelims level : Data Protection Authority
Mains level : Paper 2- Personal Data Protection Bill 2019 and issues with it
The Personal Data Protection Bill (2019) has several provisions which could have implications for the privacy of an individual. The article examines such provisions and highlights the need for further debate on the Bill.
Evolution of privacy as a fundamental right
- The Supreme Court in MP Sharma v. Satish Chandra (1954) and Kharak Singh v. Uttar Pradesh (1962) had declared that while in certain circumstances the privacy of individuals was to be protected, there was no constitutional right to privacy in and of itself.
- However, in Puttuswamy v India (2017) the Supreme Court accepted privacy as a fundamental right.
- This was an important development.
Rising importance of data
- The rising importance of data has pushed over 80 countries to pass national laws protecting the collection and use of their citizens’ data by companies and the government.
- The DPB will have huge commercial and political consequences for India.
- In India, the Personal Data Protection Bill 2019 (DPB) is currently under consideration by a parliamentary committee.
- According to Ernst and Young, emerging technologies in India will create $1 trillion in economic value by 2025.
- Much of this value will be founded on the creation, use, and sale of data, and the DPB will have immense implications as firms scramble to meet new privacy regulations.
Conditions for access to data and issues
- The bill establishes a number of conditions for companies to follow.
- For one, it would require digital firms to obtain permission from users before collecting their data.
- It also declares that users who provide data are, in effect, the owners of their own data.
- So that the users will be able to control the data their online selves produce, and may request firms to delete it, just as European internet-users’ “right to be forgotten”.
- But the bill stipulates that critical or sensitive personal data, related to information such as religion, or to matters of national security, must be accessible to the government if needed to protect national interest.
- Critics have suggested that such open-ended access could lead to misuse.
- Even B N Srikrishna, who chaired the committee that drafted the original bill has also expressed concerns about this provision.
- Other major concern is about Data Protection Authority (DPA).
Concerns about Data Protection Authority
- The bill outlines the establishment of a Data Protection Authority (DPA).
- The DPA will be charged with managing data collected by the Aadhaar programme.
- It will be led by a chairperson and six committee members, appointed by the central government on the recommendation of a selection committee.
- But this selection committee will be composed of senior civil servants, raising questions about the board’s independence.
- The government’s power to appoint and remove members at its discretion also stokes fears about its ability to influence this independent agency.
- Unlike similar institutions, such as the Reserve Bank of India or the Securities and Exchange Board, the DPA will not have an independent expert or member of the judiciary on its governing committee.
Consider the question “Discuss the various provision of Personal Data Protection Bill 2019 for the protection of individual’s privacy. What are the concerns over the various provisions of the Bill?”
The DPB is a unique opportunity for India, a country with some 740 million internet users, to forge a pathbreaking agenda that will act as a standard-setter in the still-developing field of national data protection legislation.