{"id":14290,"date":"2021-03-09T00:00:00","date_gmt":"2021-03-09T00:00:00","guid":{"rendered":"https:\/\/www.nextias.com\/current_affairs\/uncategorized\/09-03-2021\/personal-data-protection-pdp-bill\/"},"modified":"2021-03-09T00:00:00","modified_gmt":"2021-03-09T00:00:00","slug":"personal-data-protection-pdp-bill","status":"publish","type":"post","link":"https:\/\/www.nextias.com\/ca\/current-affairs\/09-03-2021\/personal-data-protection-pdp-bill","title":{"rendered":"Personal Data Protection (PDP) Bill"},"content":{"rendered":"<p><strong>In News: <\/strong>\u2018No data is permanently anonymised\u2019: Experts warn of re-identification risks.<\/p>\n<ul>\n<li>Non-Personalised Data like Browsing Pattern can also be used by fiduciaries to detect the behavioural patterns of individuals.<\/li>\n<li>Thus even Non-personal data can be used for deducing personal traits and requirements.<\/li>\n<li>It is in conflict with <strong>Right to Privacy<\/strong>.<\/li>\n<\/ul>\n<p><strong>Personal Data Protection Bill<\/strong><\/p>\n<ul>\n<li>It is India&#8217;s first attempt to domestically legislate on the issue of data protection.<\/li>\n<li>The Bill derives its inspiration from a previous draft version prepared by a committee headed by retired Justice B N Srikrishna.<\/li>\n<li><strong>Data Fiduciaries:<\/strong> The 3 categories of Data created by the Bill are\n<ul>\n<li><strong>Personal data:<\/strong> Data from which an individual can be identified like name, address etc.\n<ul>\n<li>No Data Mirroring is required.<\/li>\n<li>Individual consent will suffice.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Sensitive personal data (SPD):<\/strong> Some types of personal data like as financial, health, sexual orientation, biometric, genetic, transgender status, caste, religious belief, and more.\n<ul>\n<li>To be stored only in India.<\/li>\n<li>\u00a0It can be processed abroad only under certain conditions including approval of a Data Protection Agency (DPA).<\/li>\n<\/ul>\n<\/li>\n<li><strong>Critical personal data:<\/strong> Anything that the government at any time can deem critical, such as military or national security data\n<ul>\n<li>Critical personal data must be stored and processed in India.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Non Personal Data:<\/strong> The Bill mandates fiduciaries to provide the government any non-personal data when demanded.\n<ul>\n<li>The <strong>&#8216;data fiduciary&#8217;<\/strong> may be a service provider who collects, stores and uses data in the course of providing such goods and services.<\/li>\n<li>Non-personal data refers to anonymised data, such as traffic patterns or demographic data.<\/li>\n<li>The previous draft did not apply to this type of data, which many companies use to fund their business model.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li><strong>Impact on Social Media Companies:<\/strong> Significant Data Fiduciaries (the fiduciaries with huge volume and processing sensitive data) have to develop their own user verification mechanism.\n<ul>\n<li>It will reduce anonymity of users and decrease trolling, fake news and cyberbullying.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Exemptions for Data Processing without consent:<\/strong> They have been provided for reasonable purposes like\n<ul>\n<li>Security of the state.<\/li>\n<li>Detection of any unlawful activity or fraud.<\/li>\n<li>Whistleblowing.<\/li>\n<li>Medical emergencies.<\/li>\n<li>Credit scoring.<\/li>\n<li>Operation of search engines.<\/li>\n<li>Processing of publicly available data.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Creation of Independent Regulator: <\/strong>The Bill calls for the creation of an independent regulator Data Protection Authority, which will oversee assessments and audits and definition making.\n<ul>\n<li>Each company will have a Data Protection Officer (DPO) who will liaison with the DPA for auditing, grievance redressal, recording maintenance and more.<\/li>\n<li>The Bill proposes \u201cPurpose limitation\u201d and \u201cCollection limitation\u201d clause, which limit the collection of data to what is needed for \u201cclear, specific, and lawful\u201d purposes.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Control Over Data:<\/strong> It also grants individuals the right to data portability and the ability to access and transfer one\u2019s own data.\n<ul>\n<li>\u00a0The right to be forgotten is also given.<\/li>\n<li>With historical roots in European Union law, General Data Protection Regulation (GDPR), this right allows an individual to remove consent for data collection and disclosure.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Penalty:<\/strong> The Bill stated the penalties as: Rs 5 crore or 2 percent of worldwide turnover for minor violations and Rs 15 crore or 4 percent of total worldwide turnover for more serious violations.\n<ul>\n<li>Also, the company\u2019s executive-in-charge can also face jail terms of up to three years.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong>Need <\/strong><\/p>\n<ul>\n<li><strong>Law Enforcement:<\/strong> Data localisation can help law-enforcement agencies access data for investigations and enforcement.\n<ul>\n<li>Cross-border data transfer of data\u00a0 through individual bilateral \u201cmutual legal assistance treaties\u201d is a cumbersome process.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Cyber Security:<\/strong> Recently, many WhatsApp accounts were hacked by an Israeli software called Pegasus.<\/li>\n<li><strong>Curbing Fake News:<\/strong> Many instances like lynching, national security threats, etc can now be prevented in time.<\/li>\n<li><strong>Data Sovereignty:<\/strong> Data localisation will also increase the ability of the Indian government to tax Internet giants.<\/li>\n<\/ul>\n<p><strong>Criticism<\/strong><\/p>\n<ul>\n<li><strong>No relevance of Localised Data:<\/strong> Few critics point out to the fact that even if the data is stored in the country, the encryption keys may still be out of reach of national agencies.<\/li>\n<li><strong>Open Ended Definitions: <\/strong>National security or reasonable purposes are open-ended terms, this may lead to intrusion of state into the private lives of citizens.<\/li>\n<li><strong>Criticism from Tech Giants:<\/strong> Facebook and Google have criticised protectionist policy on data protection (data localisation) on ground of Domino Effect.<\/li>\n<li><strong>Against Ethos of Free Market:<\/strong> Protectionist regime supress the values of a globalised, competitive internet marketplace, where costs and speeds determine information flows rather than nationalistic borders.<\/li>\n<li><strong>Difficulties for Indian Startups:<\/strong> Due to higher compliance cost, it may backfire on India\u2019s own young startups that are attempting global growth, or on larger firms that process foreign data in India.<\/li>\n<li><strong>Reidentification Risks:<\/strong> With growing technology, now browser data itself can be used to derive personal conclusions which is threatening Right to Privacy.<\/li>\n<\/ul>\n<p><strong>Way Forward<\/strong><\/p>\n<ul>\n<li>The prime challenge is to balance between the growth opportunities posed by Free Data and Right to Privacy as Fundamental Right as declared by Puttaswamy Judgement 2017.\n<ul>\n<li>In this context, India must promote Data Localisation with care and by more scientific and organic categorisations.<\/li>\n<li>The open ended definitions must be clearly defined.<\/li>\n<\/ul>\n<\/li>\n<li>The Localised Data will also help new entrepreneurs to fill the digital infrastructure gap.<\/li>\n<\/ul>\n<table border=\"1\" cellspacing=\"0\" style=\"width:624px\">\n<tbody>\n<tr>\n<td style=\"background-color:#fce5cd; width:468.0pt\">\n<p><strong>What is Data?<\/strong><\/p>\n<ul>\n<li>Data is a huge collection of information generated by different means and stored on digital platforms.<\/li>\n<li>Data Collection and Processing are two aspects of Data.\n<ul>\n<li>Fiduciaries are the one who collect and handle the data whereas processing can be done by third parties too.<\/li>\n<li>Eg. Facebook is fiduciary while Cambridge Analytica was the processor drawing meaningful conclusions from data.<\/li>\n<\/ul>\n<\/li>\n<li>Data is new Oil for new generation industries like advertising, machine learning, artificial intelligence, etc.<\/li>\n<li>Japan, US and many developed nations want free flow of Data but India is tilted towards Data Localisation to protect it\u2019s local industries and citizens.<\/li>\n<\/ul>\n<p><strong>Key Definitions<\/strong><\/p>\n<ul>\n<li><strong>Data Principal:<\/strong> The individual whose data is being stored and processed is called the data principal in the PDP Bill.<\/li>\n<li><strong>Data Transfer:<\/strong> Data is transported across country borders in underwater cables.<\/li>\n<li><strong>Data localisation:<\/strong> It is the act of storing data on any device physically present within the borders of a country.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Source: <\/strong><a href=\"https:\/\/indianexpress.com\/article\/technology\/tech-news-technology\/personal-data-protection-bill-no-data-is-permanently-anonymised-experts-warn-of-re-identification-risks-7219992\/\" target=\"_blank\" rel=\"noopener\"><strong>IE<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In News: \u2018No data is permanently anonymised\u2019: Experts warn of re-identification risks. Non-Personalised Data like Browsing Pattern can also be used by fiduciaries to detect the behavioural patterns of individuals. Thus even Non-personal data can be used for deducing personal traits and requirements. It is in conflict with Right to Privacy. Personal Data Protection Bill [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":14291,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[21],"tags":[30],"class_list":["post-14290","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-current-affairs","tag-gs-2"],"acf":[],"jetpack_featured_media_url":"https:\/\/wp-images.nextias.com\/cdn-cgi\/image\/format=auto\/ca\/uploads\/2023\/07\/3043191current-affairs (1).jpg","_links":{"self":[{"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/posts\/14290","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/comments?post=14290"}],"version-history":[{"count":0,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/posts\/14290\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/media\/14291"}],"wp:attachment":[{"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/media?parent=14290"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/categories?post=14290"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/tags?post=14290"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}