Data, since the advent of Information Technology, has been a huge bane for most of us due to its usage and hence, a strong bill was required to monitor its rightful utilization. To augment this process, the Govt. of India has tabled the Personal Data Protection Bill 2019 in the Parliament recently. While the intent is in line with the thought process of creating proper guidance of data and its usage, there have been several contrarian views in light of a number of key factors such as storage of personal data as well as the accessibility of sensitive personal data of Indian citizens by the Government security agencies.
To understand a few of these key pointers, let’s understand what exactly the Indian Personal Data Protection Bill 2019 mentions in its key charters.
Classification of Data
First, it has to be clearly accepted that there needs to be a clear classification and characterization of data types so that the compliances are met without recourse to any misinterpretation. Also, consensus on data fiduciaries need not be a forced process as long as the fundamental aspect for which the data has been shared is clearly met. Since multiple agencies might be involved, it is quite pertinent that necessary approvals from all related stakeholders including, but not limited to, both the originator and end-user are taken to avoid any discretionary usage. So, all processes related to policies and their implementation needs to be adhered to as per the duly laid out rule in line with the law of the land.
Access to sensitive data
Secondly, a very key aspect of the bill is related to the access of personal sensitive data of any citizen by the Government to order any data fiduciary for the sake of research and for national security and criminal investigations. The intent of this point is the ability to prevent and monitor the key metrics related to any untoward incidents, however, the onus of ensuring that the sensitive data to be used by the Government to pre-empt any mishap would always be fraught with the fact that the proper usage of such data need to be clearly understood and implied by the security agencies for the greater safety of the country.
Another key aspect of the bill pertains to the social media user verification process wherein companies need to provide the option for the users to voluntarily verify their identities. This means that those users in the companies who do not provide the Govt. approved IDs to their employers shall be reported to the Govt. agencies who can then probe these specific users to verify their antecedents and cross-check their identities as part of fiduciary scrutiny and investigation. Providing Govt. IDs to the organizations may open up misutilization of sensitive personal data which may be used for profiling of the users by 3rd parties.
Transfer of Data
One more debatable point is related to forced transfer of non-personal data to the Government for public good and policy planning purposes. This could lead to exigencies by which a person’s preference for certain activities such as buying pattern through e-commerce platform could lead to any specialized analytical program able to build a detailed database of people’s references related to caste, creed and religion thereby influencing a large strata of demography by targeted approach by vested interests.
However, the bill retains the strong protection in regard to the processing especially on consent, authorized basis for processing, purpose and collection limitation, notice, data retention, data quality, data security safeguards, right to access and correction, data portability and enhanced obligations for significant data fiduciaries.
But on a positive note, there are quite a few good initiatives as highlighted in the bill such as Data Localization and Cross Border Transfers as well as Right to Erasure.
To sum it up, with such a large set of web users in India bordering close to almost half a billion, it is imperative that a proper data protection bill is needed to manage and monitor the end-usage of data. So, this bill is the right approach to enable and ensure that the privilege of using data by every single citizen of India has to be safeguarded and a proper trust factor has to be created by the Government to offer the right platform for both the end-users and the fiduciary while being the essential big brother to help provide the correct framework.
We would love to hear your views. Email us at firstname.lastname@example.org!