India’s digital economy is quickly expanding and producing massive amounts of personal data. Understanding how this data is handled and secured has become critical as citizens embrace convenience. The Digital Personal Data Protection (DPDP) Bill 2022 seeks to protect citizens’ information from misuse and unauthorised access, but certain provisions, such as the interaction with sectoral data protection regulations, are vague.
The Digital Personal Data Protection (DPDP) Bill 2022
- The Digital Personal Data Protection (DPDP) Bill 2022 is a proposed legislation intended at protecting Indian citizens’ personal data from misuse and unauthorised access.
- The bill’s goal is to regulate the handling of personal data in India’s quickly growing digital economy.
Seven principles of DPDP Bill, 2022
- According to an explanatory note for the bill, it is based on seven principles-
- Lawful use: The first is that usage of personal data by organisations must be done in a manner that is lawful, fair to the individuals concerned and transparent to individuals.
- Personal data must only be used for the objectives for which it was collected, according to the second principle.
- Data minimisation: Only the information required to complete a task should be gathered.
- Data precision: At the time of gathering. There should be no duplicates.
- Duration of storage: The fifth principle states that personal data collected should not be kept indefinitely by default, and that storage should be limited to a set period of time.
- Authorized collection and processing: Reasonable safeguards should be in place to prevent unauthorised gathering or processing of personal data.
- User accountability: The person who determines the goal and means of processing personal data should be held accountable for such processing.
Challenges regarding conflicting sectoral regulations in India
- Certain clauses in the DPDP Bill 2022 lack specificity regarding interactions with sectoral data protection laws.
- While the Bill provides for regulatory gaps to be filled, conflicting sectoral laws may cause confusion.
- India already has sectoral data security regulations in place, such as the Reserve Bank of India’s directive on payment data storage and the National Health Authority’s Health Data Management Policy. Any deviation from current regulations will necessitate a costly re-adjustment of the industry’s operations.
Methodology for regulating privacy and protecting data
- Comprehensive legislation and sector-specific regulations are the two main methods to regulating privacy and protecting data.
- As an illustration of comprehensive legislation with sector-specific provisions, consider the European Union’s General Data Protection Regulation (GDPR).
- The sectoral approach in the United States is a patchwork of rules tailored to specific sectors, with flaws in inconsistent protection, enforcement, and a lack of federal regulation.
Finding the proper balance for India in the future
- Greater clarity and specificity are required in the interaction between the DPDP Bill and sectoral rules in India.
- It is critical to expand on current sectoral regulations in order to avoid undermining their efforts and necessitating additional costly adjustments.
- Sectoral specialists will play an important role in ensuring a safer, more secure, and dynamic digital environment for Indian citizens in the future.
@the end
The DPDP Bill must serve as a foundational layer of protection, with sectoral regulators able to build on it to create a safer and more secure digital environment.
Source: https://www.thehindu.com/opinion/op-ed/the-need-for-sector-specific-safeguards-in-techade/article66672731.ece