The proposed Personal Data Protection Bill (PDPB) seeks to bring about a comprehensive overhaul of India’s current data protection policies.
- According to United Nations Conference on Trade and Development 128 out of 194 countries have put in place legislations to secure the protection of data and privacy.
- In India Personal Data Protection Bill seeking to provide for the protection of personal data of individuals and establish a Data Protection Authority for the same, was brought in Parliament in 2019 and was referred to the Joint Committee for further scrutiny.
- The JPC examining this bill has now been given an extension till the last week of the ongoing Winter Session of the Parliament to submit its report.
What is Data Privacy
- Data Privacy or Information privacy is a part of the data protection area that deals with the proper handling of data focusing on compliance with data protection regulations.
- It is centred around how data should be collected, stored, managed, and shared with any third parties, as well as compliance with the applicable privacy laws.
Why Data protection is so important worldwide?
- As more and more social and economic activities take place online, the importance of privacy and data protection is being increasingly recognized.
- In June 2020, the United Nations Secretary-General Antonio Guterres laid out a UN roadmap for digital cooperation, and acknowledged his concerns that the fourth industrial revolution was making the world more unequal, and benefitting a small number of people.
- According to UN’s report on Roadmap for Digital Cooperation 2020 more than 7,000 data breaches were recorded in 2019 exposing more than 15 billion records.
- As per estimates, the potential cost of worldwide data breaches will be more than $5 trillion by 2024.
Why New Bill on Data Protection?
- The two-decade-old Information Technology Act, 2000 (IT Act), the existing governing law, hasn’t been able to keep up with the rapid advancements in technology.
- With India recently witnessing a massive increase in cyberattacks, cybercriminals have been steadily discovering new ways to obtain sensitive personal information.
- To make matters worse, the pandemic has catapulted the digital ecosystem forward by years, and remote work has expanded the attack surface available to hackers.
- Regulatory authorities have been scrambling to catch up, and organisations are left wondering how they can mitigate this ever-evolving privacy landscape.
- Amid the proliferation of computers and the Internet, consumers have been generating a lot of data, which has allowed companies to show them personalised advertisements based on their browsing patterns and other online behaviour.
- Companies began to store a lot of these datasets without taking the consent of the users, and did not take responsibility when the data leaked. To hold such companies accountable, the government in 2019 tabled the Personal Data Protection Bill for the first time.
- Recent high-profile cyberattacks have had a powerful effect on the regulatory landscape of the country. The PDPB thus comes at a much-needed time when the country is seeing exponential digital growth.
What draft PDPB, proposed in 2019 says?
- The draft, proposed in 2019, is currently being studied by a joint committee of parliament after many stakeholders, including social media firms, privacy experts, and even ministers, opposed some of its provisions.
- While it may yet take some time for the law to be enacted and fully implemented, organisations would do well to be prepared.
- It will be India’s first law focusing solely on data privacy and protection. It covers:
- Requirements for notice and prior consent for the use of individual data.
- Limitations on the purposes for which data can be collected or processed, and it has restrictions to ensure that only the data essential for providing a service is collected.
- Data localisation requirements, and it necessitates the appointment of data protection officers within organisations.
- Establishing a separate regulator called the Data Protection Authority of India (DPA) to protect and regulate the use of citizens’ personal data.
The time is ripe for organisations that haven’t yet started or are just getting started on their compliance journey as data privacy is going to play a pivotal role in the years to come. By adopting a layered, comprehensive approach to data security, organisations can confidently embrace the PDPB and, once compliant, should view this as a competitive advantage.