More about Personal Data Protection Bill 2019
The Supreme Court of India gave a historical judgement of Right to Privacy in Indian Constitutional rights by K. Puttswamy case in 2017. B.N. Srinivasan drafted a bill for data protection in 2018 but later it got revised and named The Personal Data Protection Bill 2019(PDPB).
Why is personal data important? In 2018, Cambridge Analytica and Facebook were caught in a data breach of 150 million US citizens further affected the 2018 US elections. In India, there are factors like caste, religion, race, gender which can be targeted and manipulated to acquire power. In the 2020 pandemic, Online classes and Work from home helped us sustain. Online platforms like Facebook, Instagram, Linked In, Zoom etc., collect sensitive personal data which makes us vulnerable to the data fiduciaries. Thus, protecting individual entity not only becomes an issue of the individual right to privacy but also a matter of national security.
“If you are not paying for the product, you are the product”. These social media apps run not only on advertisements but also on the user’s attention. There is a great deal of data collection and we are unaware of how its algorithm works and that makes it a pandora’s box of possibilities. Thus, regulating huge online platforms becomes essential.
PDPB is inspired by the European Union’s strong law called GDPR (General Data Protection Regulation) in 2016. Below are a few observations:
Consent (section 11) is highly unclear in Chap 2 and Chap 3 of this bill. In GDPR, it is necessary for data collection that consumer is provided with clear privacy policies and has a choice to withdraw their consent. But in PDPB, withdrawing consent can be fined for the consumers. These Data fiduciaries or Data processors must mention policies in an easily comprehensible way for consumers to understand their options better. Various terms like ‘personal data’, ‘critical personal data, ‘sensitive personal data are used in this bill but specifications of exactly what it consists of remains unsaid. While searching for a legal base, one of the reasons to access data can be “reasonable purposes”. This gets limited as specified in regulation rather than GDPR’s same reason called legitimate interest which has broader aspects covered.
Alexander Nix of Cambridge Analytica said- “With your data, we know you better than yourselves!” 85% of Indian Youth consists of non-adult users of smartphones. Thus, the influence on children is important to keep a track of. PDPB has an age threshold of 18 and bars the guardian data fiduciaries from profiling, tracking, and targeted advertising. Data localization is a term restricting all sorts of data transferring cross-border. This may cause a problem to ease of doing business. The PDPB lets the Data Protection Authority of India decide the thresholds of “significant data fiduciary” and assigning a Data Protection Officer may pose a challenge to global organizations.
This bill needs emphasis on fine lines as well as change on larger grounds. There must be in-depth scrutiny of this bill to understand the nitty-gritty of privacy and human security.