According to the latest news reports, the long-awaited Personal Data Protection Bill, 2018 is likely to be introduced in the Indian Parliament in coming June after general elections get over, as per a leading daily.
The Bill was planned to be put in action and supposed to be placed before the Parliament in the current winter session by the Government. According to MeitY, multiple changes vetted in the Bill have now been incorporated in a draft and was sent to Union Ministry of Law. Sources indicate that the Bill was not placed in the current session of Parliament which ends on January 8 and nor will it be tabled in the budget session.
On July 27, 2018, a ten-member expert committee chaired by retired Indian Supreme Court Justice BN Srikrishna on data protection framework in India submitted a 176-page report with a draft bill entitled, “The Personal Data Protection Bill, 2018 to MietY after which another round of public consultation, which attracted almost 600 sets of feedback which included that of the US government too.
The first version of the privacy bill was drafted in 2010 and since then, multiple versions and drafts have been prepared, none of which have seen the light of day. Experts believe that India’s data protection bill draft lacks key pointers and does not address some of the key issues also. Data Ownership has been one of the important concerns that have been completely ignored till now.
In a landmark judgement in August 2017, the Supreme Court ruled that privacy is a fundamental right, though it is not absolute. It also limited the use of Aadhaar for only welfare payments or just for the filing of IT returns in 2018.
The Union Government tabled multiple amendments in the current session of Parliament to allow voluntary usage of Aadhaar by customers as a means of authentication by both telcos and banks late after such judgments were made by the apex court.
“The present government had repeatedly committed to parliament, the Supreme Court and the public that it would introduce and enact a data protection law. Instead, MEITY appears to have prioritised overboard amendments to the Aadhaar Act, interception notifications and additional regulations on online speech platforms. This is an unfortunate and disturbing disappointment,” said the Asia Policy Director of Access Now, Ramanjit Singh Chima to a leading daily.
The proposed Data Protection Bill 2018 puts individual consent imperative to data sharing. The bill asserts the right to privacy is a fundamental right and unless the users have given their explicit consent, their personal data will not be shared or processed. The bill’s mandate on data localisation is one of the most awaited and watched provisions by tech companies in abroad.
The panel on data protection which prepared its report and the drafted bill, recommended that a copy of all personal data must be stored in India, while all information of a critical nature is kept at the local level.
The Srikrishna committee had left it to the government to define critical personal data. But the government was in view that sector regulators and relevant departments would get to define what constitutes sensitive personal information.
As per the drafted bill, both citizens and internet users will have the final say on how and for what purpose their personal data can be used, and they will have the right to withdraw consent. In certain conditions, there will also be the option of ‘right to be forgotten’ that has been included in the draft.
But, certain recommendations by the Srikrishna committee have raised concerns and invited ire of the companies. The persistent inclusion to restrict the cross-border flow of personal data and criminal prosecution and heavier penalties against those violating data privacy rules is detrimental to the business as the penalties are subjected to be equivalent to that of 4% of a company’s global turnover.
Personal data has emerged as the single most important roadblock for the evolution of information technology to take place. The proposed bill is though late but much-needed effort to safeguard Indian citizens and its national interest.
