DIGITAL PERSONAL DATA PROTECTION ACT:

Aspects of Personal Data Protection

    • The gathering, processing, storing, and sharing of personal data are governed by data privacy laws and regulations that have been passed in many different countries.
    •  These laws give people control over their data and place duties on businesses that manage personal information. 
    • Before collecting and using an individual’s personal data, organizations are required to obtain the individual’s informed consent. Consent ought to be freely offered, explicit, knowledgeable, and reversible.
    • It is imperative to put in place sufficient security measures to guard against cyberattacks, illegal access, and data breaches. 
    • This covers access controls, encryption, safe storage, and recurring security audits. 
    • It is expected of organizations to give transparent information about their data practices, including the methods used for gathering, processing, and sharing data. 
    • Individuals whose data is being collected, known as data subjects, have the right to access their data, have it corrected when it is inaccurate, have it deleted, and be able to restrict or object to specific processing activities. 
    • In the case of a data breach that might jeopardize people’s rights and liberties, organizations are frequently obligated to alert authorities and affected parties.
    • Organizations need to make sure that the right security and privacy measures are in place when transferring personal data across international borders. 
    • It is the responsibility of organizations to adhere to data protection laws and to show their dedication to data privacy by means of policies, procedures, and records. 
    • Numerous nations have set up agencies or data protection authorities tasked with upholding data privacy laws, carrying out audits, and handling complaints. 
    • Within the European Union, the General Data Protection Regulation (GDPR) is one of the most extensive data privacy laws in the world. 
    • Similar laws have been enacted in other nations; in the US, this is exemplified by the California Consumer Privacy Act (CCPA).

The Digital Personal Data Protection Bill, 2023

    • The process of creating a data protection law commenced in 2017 with the establishment of an expert committee by the Ministry of Electronics and Information Technology (MeiTY). 
    • An important step was taken when the Data Protection Bill, 2021 (DPB, 2021) was published in December 2021.
    • The minister of communications and information technology, Ashwini Vaishnaw, withdrew it in Parliament on August 3, 2022.

    • On November 18, 2022, a draft of the Digital Personal Data Protection Bill, 2022 (DPDPB, 2022) was made available for public review. 
    • The feedback that was provided during this consultation process was kept confidential. 
    • The request to make the submissions publicly available was also denied in a Right to Information case. 

Highlights of the 2023 Bill 

    • The Bill will be applicable to the processing of digital personal data in India, whether the data is digitalized after being collected offline or online.
    • If such processing is done outside of India in order to offer goods or services in India, it will also be covered. 
    • Only with an individual’s consent and for a legitimate purpose may personal data be processed. Certain legitimate uses, such as an individual’s voluntary data sharing or the State’s processing of data for licenses, permits, benefits, and services, may not require consent. 
    • Data fiduciaries will have a duty to ensure data accuracy, store data securely, and remove data after it has served its purpose. 
    • Individuals are given certain rights under the Bill, such as the ability to access information, request erasure and correction, and file grievances. 
    • Government agencies may be exempted by the central government from the Bill’s provisions for specific reasons, such as maintaining public order, state security, or deterring crime.
    • The Data Protection Board of India will be established by the central government to decide cases involving non-compliance with the Bill’s provisions. 

Problems with the 2023 Law 

    • Data collection, processing, and retention beyond what is necessary may result from exemptions to the State’s right to process data on the basis of things like national security.
    • The fundamental right to privacy might be violated by this.
    • Risks of injury resulting from the processing of personal data are not regulated by the Bill. 
    • The right to data portability and the right to be forgotten are not granted to the data principal by the bill. 
    • The Bill permits the export of personal data outside of India, with the exception of nations that the central authority. 
    • It’s possible that this mechanism won’t provide a sufficient assessment of data protection laws in the nations where personal data transfer is permitted. 
    • The terms of the appointments to the Data Protection Board of India are two years, after which they can be renewed.
    •  The Board’s ability to operate independently may be impacted by the short-term scope of re-appointment.

Need for Digital Data Protection in India

    • India has advanced technologically and is now on par with other countries, but it lags behind in having clear, stringent regulations that address all the recent changes in the handling of personal data. 
    • Over the past 20 years, numerous countries have passed new data protection laws, including the USA, China, and numerous others.
    • India’s laws are currently inconsistent.
    •  To stay current with international trends and cooperate with other countries, India needs to enact new laws. 
    • Even though India’s current Information Technology Act, of 2000 effectively addresses the nation’s data protection issues, the laws are not sufficiently enforced, making it a relatively soft law. 
    • India now requires strict execution when it comes to data protection. 
    • Spam is another issue that has grown in popularity recently; spam is when users keep receiving the same messages over and over again, cluttering their inboxes. 
    • India does not have laws that penalize spam senders like the USA and other European countries do. There is an urgent need for laws that address recently discovered issues.
    • Furthermore, since online transactions are now subject to RBI regulations, relevant laws must be followed when handling them. 
    • This makes new data protection laws in India more necessary. 
    • Technology is outdated even before it is introduced, and this is still the case in India today.
    • To handle the issues they raise, laws pertaining to online banking, publishing regulations, cyber defamation, cyberterrorism, cryptocurrency, and NFTs are just a few examples of provisions that urgently need to be addressed. 
    • Uncertainty caused by the intersection of multiple regulations for different areas is one of the primary causes of the breach of a substantial amount of data in India. 
    • There isn’t yet a single codified law in India that takes into account every aspect of data privacy and keeps track of the appropriate penalties. 
  •  

 

Important cases related to data protection

State of Tamil Nadu v. Suhas Katti (2004): 

    • This case is noteworthy because it prompted people to come forward and report instances of abuse they had encountered online across the country. 

Union of India v. Amar Singh (2011): 

    • This case is important in the context of Sections 69, 69A, and 69B of the IT Act, 2000. The court ruled that when there are significant inaccuracies in government orders “to tap phones,” the service provider is required to verify their validity. Furthermore, the court ordered the central government to set up rules and directives to prevent unlawful call interception.

Shreya Singhal v. Union of India (2015): 

    • The Supreme Court of India ruled that the entirety of Section 66A was unconstitutional because, according to Article 19(2) of the Indian Constitution, its intended protection against annoyance, inconvenience, danger, obstruction, insult, injury, and criminal intimidation went beyond the bounds of reasonable restrictions.

Union of India v. Justice K.S. Puttaswamy (Retd) (2017): 

    • The Indian Constitution’s protection of the right to privacy is upheld in this case.

Union of India v. Praveen Arimbrathodiyil (2021): 

    • In this instance, a number of businesses have challenged the 2021 regulations, including Quint, LiveLaw, WhatsApp, and the Foundation for Independent Journalists. 
    • The Supreme Court is currently considering a petition for listing in relation to information technology, and the decision it renders will have a significant impact on the future course of Indian law in this area.

Leave a Reply

Your email address will not be published. Required fields are marked *