Personal Data Protection Bill 2019- Relevance for UPSC Exam
- GS Paper 2: Governance, Administration and Challenges- Government policies and interventions for development in various sectors and issues arising out of their design and implementation.
Personal Data Protection Bill 2019- Context
- Recently, the Joint Parliamentary Committee (JPC) started working again after a gap of more than months towards finalizing the Personal Data Protection Bill 2019.
- Earlier, the Personal Data Protection Bill 2019 was introduced in the Lok Sabha in December 2019 and then sent to JPC for detailed discussion and considerations.
- JPC is yet to submit its report on the Bill.
Personal Data Protection Bill 2019- Key Points
- Background: In its landmark ‘Justice K.S. Puttaswamy (Retd) v. Union of India’ judgment, the supreme court called for a data protection law that can effectively protect users’ privacy over their personal data.
- This followed the formation of an Experts Committee under the Chairmanship of Justice (Retd) B.N. Srikrishna suggested a draft data protection law.
- The Personal Data Protection Bill, 2019 is a revised version of the draft legislative document proposed by the Committee.
- The Personal Data Protection Bill amends the Information Technology Act, 2000 to delete the provisions related to compensation payable by companies for failure to protect personal data.
- Definition of personal data: Personal data is data that pertains to characteristics, traits, or attributes of identity, which can be used to identify an individual.
- Scope of the Bill: The Bill governs the processing of personal data by-
- Companies incorporated in India, and
- Foreign companies dealing with the personal data of individuals in India.
Personal Data Protection Bill 2019- Key Features
- Categorizes certain personal data as sensitive personal data: This includes financial data, biometric data, caste, religious or political beliefs, or any other category of data specified by the government, in consultation with the Authority and the concerned sectoral regulator.
- Defines certain Privacy-related terms:
- Data Principal: The individual whose data is being stored and processed is called the data principal.
- Data Fiduciary: The ‘data fiduciary’ may be a service provider who collects, stores, and uses data in the course of providing such goods and services.
- Data Transfer: Data is transported across country borders in underwater cables.
- Data localization: It is the act of storing data on any device physically present within the borders of a country.
- Categorization of data: Personal Data Protection Bill categorized data into three categories-
- Personal data: Data from which an individual can be identified like name, address, etc.
- Sensitive personal data: Some types of personal data like financial, health, sexual orientation, biometric, genetic, transgender status, caste, religious belief, or any other category of data specified by the government, in consultation with the Authority and the concerned sectoral regulator.
- Critical personal data: Anything that the government at any time can deem critical, such as military or national security data.
- Provides for Independent Regulator: The Bill provides for a Data Protection Authority. It will consist of a chairperson and six members, with at least 10 years of expertise in the field of data protection and information technology.
- Key functions:
- Take steps to protect the interests of individuals,
- Prevent misuse of personal data, and
- Ensure compliance with the Bill.
- Orders of the Authority can be appealed to an Appellate Tribunal. Appeals from the Tribunal will go to the Supreme Court.
- Key functions:
- Sharing of non-personal data with government: The central government may direct data fiduciaries to provide it with any-
- Non-personal data and
- Anonymized personal data (where it is not possible to identify data principal) for better targeting of services.