The government came out with a new draft data protection bill in November 2022. The draft bill is out in the public for consultation and feedback. In this article, you can read all about the new data protection bill 2022 for the UPSC exam. Important bills and acts passed by Parliament are very important for the IAS exam polity and governance segment.
Digital Personal Data Protection Bill, 2022
The government had introduced the Personal Data Protection Bill, 2019 in the Lok Sabha in 2019. However, the bill was withdrawn in August 2022 citing the inadequacy of the provisions in meeting global standards regarding data privacy. The new bill has been introduced after a revamp of the provisions.
The salient features of the draft Digital Personal Data Protection Bill, 2022 are as under.
- The new bill seeks to establish a Data Protection Board (DPB) with the purpose to adjudicate on the matter of data protection.
- It also seeks to establish Data Protection Officers or independent data auditors by companies of large size with the objective to verify the compliance of the law by the institutions concerned.
- The data principals (whose data it is) were given additional rights with respect to their personal data. The data principals can ask the companies concerned to erase or delete their data.
- This bill laid an additional layer of obligation or duty on the companies with respect to data.
- Companies will not be obligated to keep user data that no longer serves a business purpose.
- Companies should not process personal data that could harm minors (children under 18 years of age).
- The new data protection law came out with the intention to provide an additional layer of security to the personal data of the citizens.
- The new bill also relaxes the norms related to cross-border data flow as this was a matter of concern for big tech companies.
- It also eases compliance requirements for start-ups.
- The bill also enumerates the conditions under which proposed legislation can be breached by the government agencies in case of exigencies like:
- Sovereignty and integrity of India,
- Security of the state,
- Friendly relations with foreign states,
- Maintenance of public order or preventing incitement to any cognisable offence.
- The right to portability that was provided in the previous version has been done away with.
- The ‘deemed consent’ has been introduced to cover non-consent-based grounds for processing data.
- There is recognition of alternate dispute resolution processes like arbitration.
- Hardware certification and algorithmic accountability are also eliminated in the new proposal.
- For the benefit of end users, a sort of deterrent has been provided for data leakages by imposing high penalties in case of a breach.
- Moreover, there is also a provision of consent for data sharing and only when permission is given by the end user, the data can be written.
Significance of the new proposed legislation:
- The proposed bill was brought into being only after a comprehensive review of similar laws in the EU, Singapore, and many other jurisdictions.
- The proposed bill would provide predictability of law and enable the companies to align their policies in consonance with the proposed legislation.
Draft Digital Personal Data Protection Bill Concerns
Some of the concerns raised by experts about the proposed data protection bill are discussed below.
- The draft bill provides a blanket exemption to the security agencies with respect to complying with the provision of the law.
- Exemptions are granted on the basis of loosely defined terms like sovereignty and integrity of India, public order, and security of the state. This can be misused by the authorities.
- The earlier bill had an institution called the Data Protection Authority, it was supposed to be a statutory authority. But, the new bill envisages a board to be appointed by the government. The nature of the Data Protection Board is still not clear. It should be clarified whether it would be a judicial body or an administrative body.
- Relaxing the data localisation norms would lead to the misuse of data by foreign nationals.
- The draft will solve the issue of data security only in the primary stage and lacks provision for advanced and complex cases.
- Another challenge associated is the emergence of the metaverse and its probability to impact every aspect of life.
- A single framework for different sectors like e-commerce platforms, health techs, automobile companies, etc. is also a serious concern.
Also read a gist of the Sansad TV Perspective discussion on the draft personal data protection bill by experts in the link.
Conclusion: Data is a new fuel in the modern world. There has been huge competition among companies to gain hegemony over citizens’ data. This can seriously enable the companies to manipulate the free will of the citizens. Therefore, the time calls for proper protection and processing of the data based on the prior information given to the user. The new data protection bill has to rise up to this expectation.
Draft Digital Personal Data Protection Bill, 2022:- Download PDF Here
|Puttaswamy Case and the Right to Privacy||Metaverse|
|Bharatmala Pariyojana||Artificial Intelligence|
|New E-Commerce Rules in India||GS 2 Structure, Strategy and Syllabus for UPSC Mains|