The extensive web of data leaves the human mind with sleepless nights and overloads of personal information exchanged through photos, videos or sensitive data shared across professional and social media platforms. The pilferage of data often irks the human mind with the little choice it has over granting access to the apps to use the phone's camera, microphone, contact list etc. To ease these niggling worries Personal Data Protection Bill 2018 is here. Justice Srikrishna Committee's draft on the Personal Data Protection Bill 2018 is being mooted and if made into a law and implemented could be a game changer and address the burning issues around data privacy of personal information in India.
On July 27, 2018, a ten-member expert committee chaired by retired Indian Supreme Court Justice B.N. Srikrishna on data protection framework in India submitted a 176-page report with a draft bill entitled "The Personal Data Protection Bill, 2018" to the Minister of Electronics and Information Technology, Ravi Shankar Prasad.
Till recently, the privacy laws in India offered limited protection against data misuse of the user's personal information. The transfer of personal data in India is currently governed by the Sensitive Personal Data and information rules, 2011 which has of late proved to be inadequate.
The proposed Data Protection Bill 2018 puts individual consent imperative to data sharing. The bill asserts the right to privacy is a fundamental right and unless the users have given their explicit consent, their personal data will not be shared or processed. The bill gives all the power to the user to make an informed choice.
The drafted Personal Data Protection bill 2018 also states that any person processing the user's personal data will be done in a fair and reasonable manner. In other words, customer data should be processed only for use it was intended to be used for.
The punishment in failing to meet the provisions will cost companies hefty fines, the bill lists penalties that can go up to up to ₹15 crore or 4 percent of a company's total worldwide turnover.
The Srikrishna Committee and the Government of India need to address the shortcomings and failures in 11 areas of global data protection standards, which include the following areas:
• Assist with transparent and inclusive negotiations, and understand the issues at play.
• Explain the list of binding data protection principles in the law.
• Include the legal basis authorizing data to be processed.
• Add a list of binding users' rights in the law.
• Provide a platform for binding and transparent mechanisms for secure data transfer to third countries.
• Facilitate data breach prevention and notification mechanisms.
• Establish independent authority and robust mechanisms for Personal Data Protection bill 2018 enforcement.
• Do not ask for broad data protection and privacy limitations for national security.
• The bill should not authorize personal data processing based on the legitimate interest of companies without strict limitations.
• The "right to be forgotten" should not be added to the bill and companies should not be given the authority to gather sensitive data without consent.
The Personal Data Protection bill 2018 is important as it addresses the privacy and data protection framework for the next billion users of the internet. Data privacy concerns have been the point of debate for many giants today. The recent admission by Facebook about data pilferage of 87 million users, including 5 lakh Indian users, was shared with Cambridge Analytica adds to data privacy concerns experienced worldwide. Administering concerns, the EU had enacted the General Data Protection Regulation (GDPR) which focused on the right to privacy as one of the fundamental rights. GDPR requires explicit consent from the users for their data usage. The draft of Personal Data Protection Bill 2018 applicable to the Indian landscape follows the implementation of the GDPR and the legal frameworks in other countries.
Experts feel that India's data protection bill draft lacks key pointers and does not address some of the key issues. Data Ownership has been one of the important concerns that have been completely ignored. Under the Srikrishna Committee's data protection bill draft, the 'right to be forgotten', is defined differently as the right to restrict or prevent the disclosure of personal data. The process to justify why the consumer will not want to give his/her consent is also long-winded.
Ardent users of social media platforms would have seen the privacy laws in the country, no doubt has far-reaching implications. Facebook like data sharing incidents or default consent forms that hardly provide users with the choice on sharing data or the constant messages asking their permission to access their camera, location, contact list call need a robust data privacy law that encompasses all players in the ecosystem.
The draft Personal Data Protection Bill 2018 seeks to amend one of the most celebrated rights of Indian democracy, which is The Right to Information, and an informed beginning has been made.
