This Article is written by Shivangi Rajiva ( a 5th-year BBA.LLB student from Symbiosis Law School, Hyderabad)
Introduction
Mr Ravi Shankar Prasad, Minister of Electronics and Information Technology, introduced the Personal Data Protection Bill, 2019, in Lok Sabha on December 11, 2019. The Bill endeavours to secure people’s personal information and build up a Data Protection Authority with that in mind. It originates from the Supreme Court’s 2017 decision in the Puttaswamy v. UOI, which perceived privacy as a Fundamental Right ensured by the Constitution.
The Bill covers the handling of personal information by the accompanying substances:
- the public authority i.e. the government,
- incorporated enterprises in India, and
- international organizations managing individual information of the citizens of India
Personal information will be data about an individual’s characteristics, qualities, or traits that might be utilized to distinguish them. Certain individual information is named delicate individual information under the Bill. The monetary information, biometric information, religion or political feelings, or some other classification of the information set up by the public authority as a team with the Authority and the important sectorial controller are generally instances of this.
The board, which has been pondering on the Bill since it was postponed in Parliament in 2019, has made various recommendations to alter the text. In any case, it stayed away from the greatest staying regions, for example, government admittance to private information, inciting resistance from Opposition board individuals. The drafted bill, taken on by the Cabinet suggests restricting the utilization of individual personal information without individuals’ express arrangement. In February of last year, the bill was presented in the Lok Sabha. It subsequently alluded to the Joint Committee of Parliament, which was then led by BJP MP MeenakshiLekhi.
BACKGROUND
While the expressed motivation behind the Bill was to accommodate the assurance of people’s personal data and to set up a Data Protection Authority to execute the similar, various terms and ideas stay unclear, and to confound matters further, on-going administrative initiatives presenting new sectorial policies/draft guidelines around various kinds of information and how it is taken care of, handled, and ensured have been disclosed by different Government offices.Individuals’ fundamental right to privacy – the Bill’s entire purpose – faces a significant risk of being endangered, with the Bill giving the government unfettered and extensive powers to exclude its agencies from the Bill’s requirements in specific instances. Furthermore, discretionary powers granted to the executive arm of government must be supported by clear and explicit instructions for the executive to follow in using the authority. This fundamental rule is violated by the Bill, which states that the method, protections, and monitoring mechanism to be followed for surveillance are established in rules issued by the government itself.
Besides, anonymised information is defined in Section 3(2) as information that has gone through an “irreversible course of changing or changing individual information over to a structure wherein an information chief can’t be remembered.” It ought to be featured that irreversible anonymiation is out of reach, and without a trace of arrangements in the Bill endorsing measures for anonymisation and ramifications for break, the State’s capacity to get to anonymised individual information establishes an encroachment of the right to protection over close to home information.
THE NEW PERSONAL DATA PROTECTION BILL
The Personal Data Protection Bill incorporates prerequisites for notice and earlier assent for the utilization of individual information, imperatives on the explanations behind which associations can deal with information, and limitations to ensure that main information needed to offer an assistance to the person being referred to is accumulated. It additionally contains models for information localisation and the assignment of information insurance officials inside ventures.This exact information insurance guideline has not yet been set up in India. The Indian council did, in any case, modify the Information Technology Act (2000) to add Sections 43A and 72A, which accommodate pay for improper exposure of individual data.
Under Section 43A of the IT Act, the Indian national government later authorized the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules. The Rules place additional obligations on business and corporate undertakings in India for the procurement and revelation of delicate individual information or data, which are equivalent to the GDPR and the Data Protection Directive.
Organizations in directed enterprises, like monetary administrations and media communications, are dependent upon classification commitments under sectoral laws that expect them to keep client individual data private and use it just for recommended purposes or in the way settled upon with the client.
CURRENT STATUS OF THE BILL
The Indian Joint Parliamentary Committee (the “JPC”) accountable for evaluating the Personal Information Protection Bill 2019 (“PDPB”) conveyed its report on the proposed law on November 22, 2021. The report comes almost two years after the action alluded to the JPC interestingly. The JPC’s report will doubtlessly be conveyed with the PDPB 2019 throughout Parliament’s Winter Session, which starts on November 29, 2021. Whenever supported, the PDPB will be India’s first complete information insurance law.The Joint Committee of Parliament examining the Personal Data Protection Bill is relied upon to present its report on the House floor on December 21.
