byjusexamprep_img
Home
Practice
Study Materials
Test Series
Select Exam Category
  • SSC & Railway
  • Bank & Insurance
    • PO, Clerk, SO, Insurance
    • Regulatory Bodies
  • ESE/GATE/PSUs
    • GATE & PSU CS
    • ESE & GATE EE
    • ESE & GATE EC
    • ESE & GATE ME
    • ESE & GATE CE
  • IAS
    • IAS
    • IAS Hindi
  • CAT & MBA
  • Other Management Entrance Tests
  • CTET & Teaching Exams
    • CTET & State TET Exams
    • PRT, TGT & PGT Exams
  • UGC NET & SET
  • CSIR NET & SET
  • CLAT UG
  • Other Law Entrance Tests
  • AE & JE Exams
  • Defence Exams
    • CDS & Defence
    • NDA
    • SSB Interview
  • State PSC Exams
    • BPSC
    • MPPSC
    • UPPSC

The Personal Data Protection Bill, 2019

By Neeraj Mishra|Updated : June 19th, 2020
28 upvote3 commentsshare
more

The Personal Data Protection Bill, 2019 was presented in the Lower House on December 11, 2019, by Minister of Electronics and Information Technology, Ravi Shankar Prasad.

Objective:

  • The bills objectives to provide for, the protection of the privacy of individuals in relation to their personal data, accountability of entities processing personal data, and establish a Data Protection Authority of India for the various purposes that the bill seeks to achieve.

The bill is Government of India’s response to the long-felt need for a “data protection regime” for protecting the personal data of citizens which they, knowingly or unknowingly, provide to various websites on the internet. The bill was introduced after the one year of it was drafted by Justice B.N.Srikrishna.

  • The bill was referred to a Joint Parliamentary Committee (JPC) for inspection and scrutiny.
  • The bill has wide implications which will help the country to achieve a better framework of governance in data protection matters. The bill will play an important role in regulating India’s data-driven geopolitical landscape.
  • The concepts like data localization, necessitation of consent and the right to be forgotten have been introduced in the bills which have increased the power of the common man in the ground of internet use. But the story doesn’t end here.
  • The bill has some negative aspects also, which have been discussed in the paper.
  • The biggest concern about the bill is the grant of exemptions to the government for data collection which has given enormous power in the hands of the government. This paper makes an analysis of the various provisions of the bill through which the bill seeks to, inter alia, protect the data privacy of the citizens.
  • The paper also addresses the provisions which seem to weaken the bill in its endeavour to protect the privacy of the citizens.

Landmark case

  • The bill owes its origin to the landmark case on data privacy, Justice K.S. Puttaswamy and Anr. v/s  Union of India.
  • In this case, the nine Judge bench of the Supreme Court of India held that Right to Privacy is a Fundamental Right flowing from the right to life and personal liberty guaranteed by Article 21 of the Constitution of India, as well as other fundamental rights securing individual liberty.
  • In addition, individual dignity was also cited as a basis for the right. Subsequent to this, a five Judge bench of the Supreme Court while delivering its final judgement in the case nudged the Government to bring out a robust data protection regime.

Government of India constituted a "Committee of Experts on Data Protection

  • On 31st July 2017, the Government of India constituted a "Committee of Experts on Data Protection", which was chaired by Justice B.N. Srikrishna, to examine the issues relating to data protection.
  • The Committee submitted its Report on 27th July 2018. Thereafter, the government put the bill in the public sphere for comments and suggestions from various stakeholders, ministers and consultants.
  • On the basis of these suggestions, a revised Personal Data Protection Bill, 2019 was cleared by the Union Cabinet on December 4, 2019.
  • The bill was introduced in the Lok Sabha on December 11, 2019, and on the same day, was submitted in front of  JPC.

 SALIENT FEATURES OF THE BILL

byjusexamprep

  • The bill governs the processing of personal data by government, companies incorporated in India and foreign companies dealing with personal data of individuals in India.
  • The bill sets out the obligations of the data trustee (i.e. the entity which determines the purpose and means of processing the personal data) that they must undertake certain accountability and transparency measures while determining the means and purpose of processing personal data.
  • The bill allows that personal data can be processed by data trustees only if consent has been provided by the data principal (i.e. the person to whom the data pertains).
  • But there are certain grounds mentioned in Section 12 of the bill where personal data can be processed without the consent of the data principal.
  • Some of them are - if personal data is required for benefit of data principal, legal proceeding, respond to a medical emergency or to ensure safety during the breakdown of public order.
  • The bill also enables the Central government to direct any data fiduciary to provide anonymized personal data or other non-personal data to enable better targeting of delivery of services or formulation of evidence-based policies by the Central government. 

According to the bill, data fiduciaries must institute mechanisms for age verification and parental consent when processing sensitive personal data of children as provided in Section 16. The bill also sets out certain rights of data principal as provided in Chapter V.

Some of them are right to obtain confirmation whether data has been processed or not, right to correction of misleading personal data and right to be forgotten. “Right to be forgotten” stands to be an important aspect of the bill.

According to Section 20 data principal has the right to prevent continuing disclosure of his personal data if the purpose of data has been served, if the consent of data principal has been withdrawn or data has been disclosed illegally. The bill also sets up a data protection authority which may take steps to protect interests of individuals, prevent misuse of personal data and ensure compliance with the bill.

NECESSITATION OF CONSENT

  • Section 11 of the Bill makes taking consent of the data principal mandatory for the processing of the data, that too at the commencement of the processing itself. This is in relation to any personal data, be it normal, sensitive or critical.
  • Section 5 says that the data fiduciary shall process the personal data of a person only for the purpose to which he has given his consent and those acts which are connected to that purpose.
  • Section 16 says that before processing the personal data of children, the data fiduciary will have to obtain the consent of the parent or guardian of the child.
  • Section 23 provides for withdrawing of consent given to the data fiduciary by means of a consent manager.
  • Section 34 provides that the sensitive personal data of a data principal may be transferred outside India only on his/her explicit consent.
  • Thus, this bill attaches significant importance to the consent of the data principal and makes the taking of consent an essential requirement, thereby seeking to achieve its objective which is as its name suggests: protection of personal data.

 DATA LOCALIZATION

  • The 2018 draft prepared by the Justice Srikrishna committee suggested that every data fiduciary shall ensure that at least one serving a copy of the personal data that they are using should be stored on a server or data centre located in India.
  • This was criticized by foreign companies that store most of Indians’ data abroad as they would have to bear an additional cost of making arrangements for storing the data in India. Also, some domestic startups were worried about a foreign backlash due to this provision.
  • The bill has relaxed this requirement, and now the provision is that the condition of storing a copy in India will be applicable only to the data classified as “sensitive” and “critical”. The copy of any personal data which does not fall under these two heads is not required to be stored in India i.e. it need not be localized.

STRONG OBLIGATIONS ON DATA TRUSTEES/GUARDIANS

  • The bill places robust obligations on the data fiduciaries.
  • Section 4 says that the data of a data principal can only be processed for specific, clear and lawful purposes.
  • Section 5 says that the data fiduciary should process the data of the data principal in a fair manner and should ensure the privacy of the data principal.
  • Section 6 says that personal data should be collected only to that extent which is necessary for the purpose of processing the data.
  • Section 9 places a restriction on the retention of the personal data and provides that the personal data should not be retained beyond the period necessary to satisfy the purpose for which it is processed.

Thus, the bill makes it imperative for the companies which take the personal data to use it only for the purpose for which it was given and to ensure the privacy of the data principal.

----------------------------------

The Right Time to Start Preparation for CLAT 2021 is Now! So, why to wait?

CLAT 2021: A Comprehensive Course

Features of this course:

👉🏻Expert guidance by NLU alumni provided until the day of your exam

👉🏻Day-wise study plan covering the entire syllabus to help you score better

👉🏻All topics covered through Live Classes & Quizzes

👉🏻Daily Quizzes to boost your speed and accuracy

👉🏻Start Your Free Trial Here

Thanks

Prep Smart. Stay Safe. Go Gardeup.

 

Comments

write a comment

CLAT UG

CLATLAW ExamsLaw Colleges

Featured Articles

Follow us for latest updates

Our AppsPlaystore
POPULAR EXAMS
SSC AND BANK
OTHER EXAMS
GradeStack Learning Pvt. Ltd.Windsor IT Park, Tower - A, 2nd Floor, Sector 125, Noida, Uttar Pradesh 201303 bepstudentsupport@byjus.com