The Digital Personal Data Protection Bill, 2022, the fourth iteration of the data privacy legislation, was published by the government on November 18. (Bill).
Background
- The Right to Privacy Bill, 2011, which was the subject of debates started the process of creating data protection legislation in 2011.
- The K. Puttuswamy ruling from 2017 gave the data protection case a significant boost by concluding that the “Right to privacy” is a basic right protected by Article 21—the right to life and personal liberty.
- The government created B.N. Srikrishna committee to design a law for data protection and privacy in the wake of the Puttaswamy decision. The Justice B.N. Srikrishna Committee’s report on this was the catalyst for the 2019 Personal Data Protection Bill.
What other areas of this bill require attention?
- Only the nature and seriousness of the breach are still in focus: Although the Bill is generally comprehensive. It is necessary to elaborate on Section 25 and Schedule I, which deal with fines. According to Section 25, a person found guilty of non-compliance in detail-related concerns shall pay a certain amount of money as a financial penalty. Only the nature and seriousness of the offence are still in focus. The financial standing of a firm is not taken into account when imposing penalties under the proposed legislation.
- The company’s financial standing must be taken into account while drafting the bill. For the Bill to be effective, fines cannot cause businesses to go bankrupt. Instead, they must be commensurate to the size and operations of the organisation.
- One can learn from laws like the General Data Protection Regulation (GDPR) of the European Union, which assesses fines based on a company’s entire annual revenue, among other comparable laws.
What makes this bill distinct and comprehensive?
- Cooperation: The Bill protects personal data while also encouraging communication and collaboration between data fiduciaries and the government.
- It has been written in a way that is specifically tailored to India’s requirements, while drawing on the best practises of other foreign jurisdictions, including Australia and Europe.
- Exemptions have limitations: Even the exclusions provided to the Centre are very stringent and in line with earlier legal rulings and Article 19(2) of the Constitution.
- Change in how laws are drafted that is major: The Bill represents a change in how laws are drafted that is significant. Understanding a piece of legislation in India has typically been similar to belonging to an elite club where only politicians, policy experts, and a small number of legal professionals are qualified to do so.
- Ensures accessibility and simplification for common people: It recognises that it is in our best interests to make sure that all laws, particularly those that have a significant impact on citizens, are made accessible to all individuals regardless of their professional or educational standing. This Bill thus represents a transition from legalese to legal simplification.
@the-end
The Bill protects personal information while encouraging collaboration between data fiduciaries and the government. Even though it incorporates best practises from other countries, it was written specifically to meet India’s needs. The Centre has been granted a number of severely limiting exemptions.