A Welcome step – Data Protection Bill 2018

Anil Vishnu Vaidya

Author: Anil Vishnu Vaidya

Date: Mon, 2018-08-20 12:32

Justice Srikrishna committee formulated Personal Data Protection Bill 2018. Government has taken very positive step to share it with the general public requesting comments till September 10, 2018. After reviewing the comments and due consideration the Government is expected to table the bill in Parliament in December.

EU General Data Protection Regulations and now Indian Personal Data Protection Bill attempt to guard individuals against misuse of information shared on Internet. One of the tenets of the Indian bill attempts to separate personal information from sensitive personal information to uphold fundamental Right to Privacy. The very first statement brings out the essence of bill stating

the right to privacy is a fundamental right and it is necessary to protect personal data as an essential facet of informational privacy”.

One of requirements of this bill states that the personal sensitive data needs to be stored within territorial limits of India. The large global firms believe they will need to increase investments in Data Centers in India to meet this requirement and they expect to lobby against this stipulation. Conceding the point that storage of data within bounds of India may not necessarily result in increased security it is still in their own interest to prove that such protection can be offered from any location around the globe. And of course their argument that data localisation may lead to more governmental controls.

Also there is quite a bit of criticism on internet that the bill needs to clarify what constitutes personal sensitive information. Given that all such suggestions and proposals need to be addressed it is still a very welcome step to bring such bill to legislators for their consideration.

We are sure that if not in the bill, subsequent notifications and regulations will bring required clarity!           

 

Share

Comments

Large amount of personal data being collected by private companies & state agencies, the absence of data protection legal frame work in India has been a deeper cause of concern. It is a welcome step to have comprehensive data protection & privacy framework. Good step that Indian government has proposed the same as India is 1/5th of the world’s population & 2nd largest Internet user base. With this initiative, India is now in a select band of countries moving towards a comprehensive data and privacy protection regime. In fact, an important step by government towards securing the rights of the citizens It is an great initiative towards guarding the data from getting misused over internet. Detailed information should be shared on the personal sensitive information as this can mislead the concept. Enough precautions required to avoid the Facebook – Cambridge Analytica scam like situation in India. Several attempts were made by the government in past for data privacy & i am sure that the committee has taken all the relevant inputs in their proposed bill in the interest of the Individual, Industry, society & country. Private companies which deals with personal data of Indian citizens will have to store a copy of the in India. This may have significant impact on the giants who are Silicon Valley based who store the data for the Indian users in multiple location across globe. With this step, there will be higher level of security & accountability of the senior officials in various departments those who will be involved in designing & maintaining the whole eco system. Challenge to protect the data will be the utmost importance specially from foreign eyes. It’s a massive task & needs lot of expertise, security & safety affairs, sentiments of the population. My vote is towards this great initiative.

Large amount of personal data being collected by private companies & state agencies, the absence of data protection legal frame work in India has been a deeper cause of concern. It is a welcome step to have comprehensive data protection & privacy framework. Good step that Indian government has proposed the same as India is 1/5th of the world’s population & 2nd largest Internet user base. With this initiative, India is now in a select band of countries moving towards a comprehensive data and privacy protection regime. In fact, an important step by government towards securing the rights of the citizens It is an great initiative towards guarding the data from getting misused over internet. Detailed information should be shared on the personal sensitive information as this can mislead the concept. Enough precautions required to avoid the Facebook – Cambridge Analytica scam like situation in India. Several attempts were made by the government in past for data privacy & i am sure that the committee has taken all the relevant inputs in their proposed bill in the interest of the Individual, Industry, society & country. Private companies which deals with personal data of Indian citizens will have to store a copy of the in India. This may have significant impact on the giants who are Silicon Valley based who store the data for the Indian users in multiple location across globe. With this step, there will be higher level of security & accountability of the senior officials in various departments those who will be involved in designing & maintaining the whole eco system. Challenge to protect the data will be the utmost importance specially from foreign eyes. It’s a massive task & needs lot of expertise, security & safety affairs, sentiments of the population. My vote is towards this great initiative.

Dear Sir, I agree with your views and appreciate that government has concerns about us and brought Data Protection Bill. But I have different view on few points – 1. We have asked firms to store data in Indian territorial area only, but by storing within India it is not assured that data will not get shared outside India? It is a matter of ethics of these companies and trust which they develop with users. 2. We are also equally responsible for data sharing, why we provide data to these firms as and when they ask? Why we don’t stop at that moment? Later, it becomes easier to curse the authorities but we are overlooking our own mistakes and responsibilities. 3. Today we have provided all our details to Google and Facebook which is accessible across the globe. And sometimes we feel happy and delighted also when someone wishes us on our birthday, anniversary or daughter’s birthday or any other social occasion. Have we ever thought from where they came to know about my personal details, we ourselves made it public on social sites. Thus, making it more vulnerable for data breaching. 4. We are not restricting ourselves to share data on one site, rather we have created multiple accounts, like on Facebooks, Twitter, WhatsApp, LinkedIn and many more social media sites. 5. All of a sudden, one fine day, if these firms share my details to third party and If I come to know I will curse government, while in reality it’s my own fault. What government will do? Neither I have shared my details by taking permission from government nor government has asked me to share it. 6. Hope that with this Data Protection bills people will understand their responsibility and learn that sharing of data is depends on me not only on government.

Anil Sir, thanks so much for providing your initial insights on Data Protection Bill which as you mentioned has been deemed as a “fundamental right” by the Supreme Court. It indeed is a welcome step and I am hopeful to see the outcome of this bill once it is brought in front of the legislators for their consideration as I personally would be more comfortable to have my Bank Details, Phone Numbers, Photos etc. be protected under a define framework. Though it might be still unclear on the content and the intent of the bill but with India being the second most populated country in the world and the second most internet base user in the world as well, it only makes more logic for us to have a framework to protect the data of the customers. With limited information we have I believe having data centers in India might make more sense as this might help Indian economy at large. However, from a standpoint of ease of doing business we should allow the companies to decide the freedom for having cross border data flow , of course with the right regulations around data localization & protection framework. I also believe that corporate should also be given an opportunity to review and provide a feedback to the committee before this law is tabled in December 2018 as this would only help the framework to be stronger. With a push on digitization in India these are truly exciting times for IT Sector in India which can bring a positive change in the technology industry. Best Regards, Ketan

Yes , This is welcoming step by Indian Government to introduce Data Protection Act 2018 . As we know that in India is moving towards digital governance. Now everything is online. We are sharing our personal data to these private companies and to the government organization and there is no stricter rule to protect our data. The Data Protection Act will provide guidance and rules for usage of personal data. This law will hold companies liable. There will be fines if there is breach of the rules. This law cover rules around sharing of data and data security. This is needed to prevent situation like leakage of vast data from Facebook and Cambridge Analytica. Now a day we are linking our Aadhar which is having confidential information with Banks and Mobile service provider. This is real concerning about the leakage of these data to third party. By introducing Data Protection Act, it will be onus on the company and on operating body to protect our data. Also, India should look into cross border data privacy rules that allow free flow of information across borders. These are adopted by eight countries – US, Mexico , Canada , South Korea , Taiwan , Singapore and Australia. This could possibly support India’s economy now and in the future. According to me this is great initiative by the Indian government and I am in favor of this initiative.

I agree with author views, as I too consider this as a most awaited positive move from the central government. Seeking public views for the bill, is a giant leap towards building trust and sense of belongingness. Hope a platform will be created for such bills in future too. The main committee’s objective was to "ensure growth of the digital economy while keeping personal data of citizens secure and protected.". However, with Aadhaar being our first digital identity and yet several issues revolving around it (Recently, UIDAI got trolled for pushing a toll-free number onto android devices without users consent or knowledge has raised many eyebrows), the authenticity of the system and its purpose is questionable. When it comes to privacy protection, I feel that the main responsibility stays with the individual rather than the government. One should be conscious of presenting his/her personnel data in public domain. With increasing number of people getting on to the digital wagon, I feel they need to be educated on how to stay away from cyber-attacks. Our institutions although support this, are not fully equipped to impart such knowledge, yet. How often, users have consciously accepted the privacy permissions in any application or website? So even if the law enforces the data to be stored locally and if users are not mindful of their choices, it doesn’t take much time for companies to replicate the data, elsewhere. With these potential issues that can crop up, I strongly recommend that right to be forgotten, along with right to confirmation, access and correction should be considered to be included in the law. These additional inclusions with balanced approach will definitely be welcomed by the public.

Add new comment

SPJIMR
Bhavan's Campus
Munshi Nagar | Dadabhai Road,
Andheri West | Mumbai - 400 058, India
Tel:+91-22-2623-0396/ 2401
      +91-22-2623-7454
Fax:+91-22-26237042
 

Delhi Centre
Bharatiya Vidya Bhavan Campus, 3rd Floor
Gate No. 4, Copernicus Lane
Kasturba Gandhi Marg, New Delhi-110001
Tel: 8383059670, 011-23006871, ext-871 

Locate SPJIMR