The Digital Personal Data Protection Bill, a significant legislative proposal that aims to regulate the handling and protection of personal data in the digital realm, has garnered substantial attention and debate in recent times. In this editorial analysis, we will delve into the key provisions and implications of this bill, exploring its potential impact on individuals, businesses, and the broader digital landscape. As the digital ecosystem continues to expand and influence various aspects of our lives, understanding the intricacies of this proposed legislation becomes paramount in safeguarding the privacy and security of personal data in an increasingly interconnected world.
Tags: GS Paper – 2: Government Policies & Interventions.
GS Paper – 3: Cyber Security; IT & Computers.
The right to privacy; The right to information; Complementary or competing rights; Problems with the Bill.
The Digital Personal Data Protection Bill 2023 makes the government less transparent to the people and ends up making them transparent to both the government and private interests.
Decoding the editorial:
The right to privacy
- It was reaffirmed by a nine-judge Constitutional bench of the Supreme Court in 2017.
- It set an international benchmark and illustrated the new challenges to the right to privacy posed by the digital age.
The right to information
- It provides us access to government documents to ensure transparency and accountability of the government.
- Enacted as a law, the Right to Information Act (RTI) 2005 has played a critical role in deepening democratic practices.
Complementary or competing rights
- In a crucial way, the two rights complement each other.
- The right to information seeks to make the government transparent to us, while the right to privacy is meant to protect us from government and private intrusions into our lives.
- Yet, there are some tensions between the right to information and the right to privacy.
- For example, under MGNREGA, mandatory disclosure provisions are meant to ensure that workers can monitor expenditure and also facilitate public scrutiny through social audits.
- Everyone has access to data about individuals registered under the Act, including when and how much was paid to each worker.
- Unscrupulous operators can monitor, even scrape this data systematically to swindle workers of their hard-earned wages (for example, showing up at their doorstep with offers of lucrative ‘savings’ or ‘insurance’).
Problems with the Bill
- Undermines our rights: Our right to information is undermined without doing much to protect our right to privacy.
- Section 8(1)(j) of RTI, grants exemption from disclosure if the information which relates to personal information sought “has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual”, unless a public information officer feels that larger public interest justifies disclosure.
- It set a high benchmark for exemption, “information which cannot be denied to the Parliament or a State Legislature shall not be denied to any person.”
- The DPDP Bill 2023 suggests replacing Section 8(1)(j) with just “information which relates to personal information”.
- Makes the government less transparent: The undermining of rights also makes us increasingly transparent to both the government and private interests.
- The current requirement for public servants (including judges, and Indian Administrative Service officers) to disclose their immovable assets will likely be off limits.
- This is indeed “information related to personal information”, but it serves a larger public interest (for example, to identify public servants with disproportionate assets).
- Data mining can continue: Section 4(2) defines “lawful purposes” in the broadest possible manner as “any purpose which is not expressly forbidden by the law”.
- As scraping information on wages/pensions paid to workers/pensioners or mobile numbers of government scheme beneficiaries from government portals is “not expressly forbidden”, data mining can merrily continue.
- Section 36 allows the central government to ask the Board, data fiduciary or others to “furnish such information as it may call for”.
- Sections 4(2) and 36 together make our data fair game for both government and private entities.
- Lame-duck as a watchdog: The Data Protection Board, an oversight body will be under the boot of the government as the chairperson and members are to be appointed by the central government (Section 19).
- Ignoring social, political and legal context: In Europe, the General Data Protection Regulation (GDPR) has a strong watchdog that operates in a society with universal literacy.
- Yet, Edward Snowden warned of that the problem isn’t data protection, the problem is data collection.
- Restricting data collection is not even being discussed in India.
A weak board combined with the lack of universal literacy and poor digital and financial literacy, as well as an overburdened legal system, mean that the chances that citizens will be able to seek legal recourse when privacy harms are inflicted on them are slim.
Source: The Hindu
Frequently Asked Questions (FAQs)
1. What is The Digital Personal Data Protection Bill 2023?
Answer: The Digital Personal Data Protection Bill 2023 is a proposed piece of legislation in India that aims to regulate the collection, processing, and storage of personal data in the digital sphere. It seeks to establish comprehensive guidelines for data protection, ensuring that individuals’ privacy and data security are upheld in the digital age.
2. How does the bill address the protection of personal data?
Answer: The bill outlines several measures to protect personal data, including the requirement for organizations to obtain explicit consent for data collection, provisions for the storage of data within India, and the establishment of a Data Protection Authority to oversee compliance and enforcement. It also empowers individuals with rights to access, correct, and delete their data.
3. What are the implications of the Digital Personal Data Protection Bill for businesses?
Answer: The bill places significant compliance obligations on businesses that handle personal data. They will need to implement stringent data protection measures, including data encryption, impact assessments, and appointing Data Protection Officers. Non-compliance can result in substantial fines and penalties.
4. Does the bill have any provisions for cross-border data transfer?
Answer: Yes, the bill does address cross-border data transfer. It permits the transfer of personal data outside India under specific conditions, subject to data localization requirements and the approval of the Data Protection Authority. Adequate safeguards must be in place to ensure the privacy and security of the data.
5. How will the Digital Personal Data Protection Bill impact individuals’ privacy rights?
Answer: The bill is designed to enhance individuals’ privacy rights by giving them more control over their personal data. It grants individuals the right to know what data is collected about them, request corrections, and even request the deletion of their data. This empowers individuals to have greater control over their personal information in the digital realm.
In case you still have your doubts, contact us on 9811333901.
For UPSC Prelims Resources, Click here
For Daily Updates and Study Material:
Join our Telegram Channel – Edukemy for IAS
- 1. Learn through Videos – here
- 2. Be Exam Ready by Practicing Daily MCQs – here
- 3. Daily Newsletter – Get all your Current Affairs Covered – here
- 4. Mains Answer Writing Practice – here