Issue at Hand:
- A legislative panel proposed 81 modifications to the Personal Data Protection Bill, and after that the Union administration withdrew it. Here's India cannot afford to go too long without a strong data protection law. It took almost 20 days to introduce new draft in the Personal Data Protection Bill,2019. The Bill provided broad guidelines for the collection, storage, and processing of personal data, as well as individual consent, penalties and compensation, and a code of conduct. The drafted Bill defined 'sensitive personal data' as passwords, financial data, health data, sex life, sexual orientation, biometric data, genetic data, transgender status, intersex status, caste, or tribe, and religious or political belief or affiliation.
- The government withdrew the Personal Data Protection (PDP) Bill, 2019, therefore putting an end to the country's five-year-long search for a national data protection law. National security or reasonable purposes are broad concepts that can lead to the state intruding into people' private life.
- The lack of a data protection framework in India for a long time is a major source of worry in the intern markets. Aside from the bill's flaws, India now lacks a law to govern its citizens' digital privacy (provided in article 21 in the constitution of India). The digital world indicates an impending crisis in the implementation of data protection laws.
Enunciation of Rights Connected with the Issue:
The right affected by the issue is right to privacy which is guaranteed under article 21 of the Indian Constitution. Majorly there are three privacy issues related to it:
- Data Localisation- is a process of transferring a citizen's data to their home country (which is India in this case) for processing, storage, and collection before it gets transferred to an international level. This at least secured individuals to take control of their personal data and to assist organisations in conducting lawful personal data processing.
- Although it was not clear in the bill what constitutes critical personal data, as Section 33, sub-section (2) of the bill states that the word 'critical personal data' implies those personal data which the Central Government implies to be critical personal data.
- "The removal of the proposed Data Protection Bill, 2021, symbolises the disappointing conclusion of the legislation's long and difficult consultation and review process. While the 2021 version was far from flawless, we are worried that this withdrawal has returned us to where we were in 2018, rather than where we should be in 2022."
- Intermediaries in social media- To combat fake news, which incites aggression among the public and prevents free and fair elections in the country, the proposed measure gave social media sites the authority to verify their users' accounts. However, the method in which the platforms are expected to support this verification is not provided and hence is another key topic left to delegated law. Further, which documents are to be verified and what will be the repercussions of verification are not provided.
Identification of the Persons of Inherence and Persons of Incidence of the Right:
Person of inherence is the one who inherits right and person of incidence are those who are bound by duties not to breach the rights of the person of inherence.
In this case person of inherence is the citizen of India whose data are being collected and transferred and person of incidence is any per who infringes personal data of the citizens (it can be a person, website, app, company, state, etc) as it is duty bound not to infringe the right to privacy of the citizens.
How the Protection of the Identified Right/Rights Shall Advance the Life of the Persons of Inherence:
- People's right to privacy will prohibit the government from spying on them.
- Privacy laws prevents others from using personal data for their own goals.
- Privacy laws make sure that those who steal or misuse data are held accountable.
- Privacy laws regulates balance in the society.
- Privacy laws contribute to the development of trust.
- Privacy laws makes sure that we have control over our data.
- Privacy laws safeguards freedom of speech and expression under article 19.
- It allows one to participate freely in politics, protect one's reputation and finances as well.
Personal data protection law created a trust relationship between individuals and entities processing personal data, as well as protecting the basic rights of individuals whose personal data has been handled. Now, the right to privacy is a basic right under article 21 of the Indian Constitution, and protecting personal data as an integral part of informational privacy has become crucial. The growth of the digital economy has resulted in an ever-increasing usage of data as a vital form of communication between individuals.
As a result, it is critical to establish a common culture that encourages a free and fair digital economy, protects people' information confidentially, and assures empowerment, advancement, and innovation through digital governance and inclusion. The privacy protection bill specifies the standards for a data fiduciary to collect only the data required for defined purposes after getting the data principal's explicit consent.
The data protection laws assist the data principal in obtaining their personal data, as well as correcting, updating, and deleting their data. It also grants the right to transfer data to other trustees and to limit or prevent the disclosure of personal data. The lack of a data protection law limits a person's ability to file a complaint against a data fiduciary because there is no data protection authority. Financial, health, official identifiers, sex life, sexual orientation, biometric, genetic, gender status, religious and political beliefs, and other data have all become vulnerable.
End-Notes
- The Internet Freedom Foundation
- Reasons Why Privacy Rights Are Important:
https://www.humanrightscareers.com/issues/reasons-why-privacy-rights-are-important/
Please Drop Your Comments