The Personal Data Protection Bill, 2019 was introduced in Lok Sabha on December 11, 2019. The Bill seeks to supply for cover of private data of a private , and establishes a knowledge Protection Authority.
• Applicability: The Bill provides for the processing of private data by:
(ii) Companies incorporated in India, and
(iii) Foreign companies handling personal data of people in India.
The Bill had categorised certain personal data as sensitive personal data. This includes financial data, biometric data, religious or politics , caste, or the other category of knowledge specified by the govt , in consultation with the Authority and therefore the concerned sectoral regulator.
• Obligations of knowledge fiduciary: a knowledge fiduciary is an entity or individual who decides the means and purpose of processing personal data. Such processing goes to be subject to certain purpose, collection and storage limitations. Additionally, all data fiduciaries has got to take certain transparency and accountability measures such as:
a. Implementing security safeguards (such as encoding and preventing misuse of data); and
b. Instituting grievance redressal mechanisms to deal with complaints of people , they need to also institute mechanisms for age verification and parental consent when processing sensitive personal data of youngsters .
• Rights of the individual: The Bill provides certain rights to the individual:
i. Obtain confirmation from the fiduciary on whether their personal data has been processed;
ii. Seek correction of inaccurate, incomplete, or out-of-date personal data;
iii. Have personal data transferred to the other data fiduciary in certain circumstances; and
iv. Restrict continuing disclosure of their personal data by a fiduciary, if it’s not necessary or consent is withdrawn.
• Grounds for processing personal data: The Bill provides for processing of knowledge by fiduciary as long as consent is provided by the individual. However, in certain circumstances, personal data are often processed without consent:
i. If required by the State for providing benefits to the individual;
ii. For legal proceedings;
iii. For responding to a medical emergency.
• Social media intermediaries: The Bill defines these to incorporate intermediaries which enable online interaction between users and permit for sharing of data .
• Data Protection Authority: The Bill provides for a knowledge Protection Authority which may:
i. Take steps to guard interests of individuals;
ii. Prevent misuse of private data; and
iii. Ensure compliance with the Bill.
It will contains a chairperson and 6 members, with a minimum of 10 years of experience within the field of knowledge protection and knowledge technology. Orders of the Authority might be appealed to an Appellate Tribunal. Appeals from the Tribunal will attend the Supreme Court.
• Transfer of knowledge outside India: Sensitive personal data could also be transferred outside India for processing if it’s explicitly consented by the individual, and subject to certain additional conditions. However, such sensitive personal data should still be stored in India. The critical personal data shall only be processed in India.
• Exemptions: The central government can exempt any of its agencies from the provisions of the Act in following cases:
i. In interest of security of state, public order, sovereignty and integrity of India and friendly relations with foreign states; and
ii. For preventing incitement to commission of any cognizable offence (i.e. arrest without warrant) concerning the above matters.
Processing of private data is additionally exempted surely other purposes such as:
- Prevention, investigation, or prosecution of any offence; or
- personal, domestic; or
- journalistic purposes
However, such processing must be for a selected , clear and lawful purpose, with certain security safeguards.
• Offences: Bill include following offences:
i. Processing or transferring personal data in violation of the Bill, punishable with a fine of Rs 15 crore or 4% of the annual turnover of the fiduciary, whichever is higher;
ii. Failure to conduct a knowledge audit, punishable with a fine of 5 crore rupees or 2% of the annual turnover of the fiduciary, whichever is higher; and
iii. Re-identification and processing of de-identified personal data without consent is punishable with imprisonment of up to 3 years, or fine, or both.
• Sharing of non-personal data with government: The Central Government may direct data fiduciary to supply it with any:
i. Non-personal data; and
ii.personal data for better targeting of services.
• Amendments to other laws: The Bill provides for the amendment of the knowledge Technology Act, 2000 to delete the provisions associated with compensation payable by companies for failure to guard personal data.
I have always been against Glorifying Over Work and therefore, in the year 2021, I have decided to launch this campaign “Balancing Life”and talk about this wrong practice, that we have been following since last few years. I will be talking to and interviewing around 1 lakh people in the coming 2021 and publish their interview regarding their opinion on glamourising Over Work.
If you are interested in participating in the same, do let me know.
If you would also like to contribute to my website, then do share your articles or poems at firstname.lastname@example.org
You may also like to read: