Privacy has become the source of defence against the exploitation of personal information in this digital world. With a satisfying experience of the Indian Contract Act, 1872 and the Information technology Act, 2000; The Government of India had analysed the need for an advanced act to protect people’s data from being breached and misused. The Supreme Court’s action of amending the constitutional provisions of Article 21 by adding the Privacy as a fundamental right is being supplemented by the representatives via the Data Protection Bill, 2019 that had been introduced in the Lok Sabha in the 11th of December, 2019.
Why Data Protection Bill, 2019?
The Information Technology Act, 2000 and the IT Rules, 2011 play a critical role in safeguarding the data of the citizens but it is focussed on protecting only sensitive information like the passwords, bank information and card details, health condition of the user, etc. Section 69 of the act gave importance to the country’s interest in individual interest. So, there is a need for an advanced act to protect the privacy of citizens on a multidimensional scale without compromising the country’s sovereignty. The Personal Data Protection Bill is carefully crafted keeping in mind, all that the “digital justice” needs.
- Responsibilities of the Data fiduciary: The data fiduciary is an entity that deals with the personal data and processes them abiding by the legal process. This bill had given guidelines to the data fiduciary to deal with the personal data reasonably without compromising the privacy of the individual. The fiduciary should provide relevant information to the individual regarding the processing of data and provide grievance support; Source of data collection if not gathered from the respective individual and eventually assists the individual regarding complaints on misuse. According to the bill, every action the data fiduciary takes should reach the knowledge of the individual.
- Data fiduciary on protecting the personal data of the child: As the internet had reached a wide arena of population, the bill had put some light on children’s data processing and had drawn some regulations on the principles of data fiduciary dealing with the children’s data. “Guardian Data fiduciary” as it is named by the bill according to subsection 4, is restricted to process the data which are harmful to the children on any aspect. Further, the fiduciary providing services regarding child protection or child counselling does not need the consent of the parent or guardian of the child to offer such services.
- Rights of the person over their data: The individual has some exclusive rights over the data fiduciary to ask for the personal data in a structured manner. Also, the person can ask the fiduciary to correct or change the data that had been created mistakenly, correct the data that had been left out incomplete and also ask the data fiduciary to process the data to the targeted population on a priority basis. A particular person can restrict the disclosure of the data by writing an application to the Adjudicating officer where the disclosure can be restricted by official order. If not satisfied, the person can request for reviewing the order made by the office and on further grounds can move to the Appellate Tribunal.
- Data Protection Authority of India (DPA) – The bill had come up with setting up an authority to govern the data protection measures. Being framed as a data corporate, the body will have a Chairman and a maximum of six members with a wide experience in law, especially in the legal fields of information technology and data protection.
The functions of the body include
Section 69 of the IT Act is being reflected in this bill to give some exceptional powers to the Government to protect the sovereignty and integrity of the nation and to promote international relations. According to the bill, the personal data can be processed by the data fiduciary for investigation purposes and to get any sort of cognizable offense into the limelight. Also, some of the personal data can be ethically processed for journalistic purposes under the regulations prescribed by the Press Council of India.
- monitoring of the provisions of the act by taking prompt action against the data breach,
- creation and maintenance of a database of those digital fiduciaries;
- conducting audit reports on the activities of those fiduciaries;
- Classification of fiduciaries based on function and category;
- Monitoring of technological development and creating rules and regulations to protect personal data.
As we all know, our Indian constitution is the source of Individual rights which is unique and different from other constitutions of the world. The Personal Data Protection Bill had rightly showcased the above statement and had given priority to protect the privacy of the people.