Date : 10/07/2023

Relevance – GS Paper 2 – Government policies and issues arising out of it

Keywords: Digital Personal Data Protection Bill, data privacy, data protection, cross-border data flows, deemed consent, EU model, US model, China's PIPL

Context –

The Union Cabinet's recent clearance of the Digital Personal Data Protection (DPDP) Bill marks a significant step towards ensuring data privacy and protection in India.

Background –

The Digital Personal Data Protection Bill:

The DPDP Bill aims to regulate the processing of digital personal data within and outside India. It emphasizes the need for entities collecting personal data to maintain accuracy, security, and delete data once its purpose is fulfilled. The bill introduces a voluntary undertaking mechanism, enabling organizations to address privacy-related grievances through the data protection board. Stringent penalties, including fines of up to Rs 250 crore per instance, are prescribed for data breaches.

Changes from the original version:

The revised bill introduces a shift from a 'whitelisting' to a 'blacklisting' mechanism for cross-border data flows. Additionally, the provision on "deemed consent" may become stricter for private entities, while government departments can assume consent for data processing in matters of national security and public interest.

Significance of Privacy Law:

With the rapid growth of the digital economy, a robust data protection framework becomes crucial. The DPDP Bill forms an essential component of India's technology regulations, complementing initiatives like the Digital India Bill, the draft Indian Telecommunication Bill 2022, and non-personal data governance policies.

Concerns around the Draft Bill:

The retention of wide-ranging exemptions for the central government and its agencies has drawn criticism. These exemptions, based on national security and public order, undermine the comprehensive protection of personal data. Additionally, concerns have been raised regarding the central government's control over the appointment of data protection board members and potential dilution of the Right to Information (RTI) Act.

Comparing India's Proposal with Global Models:

Various countries worldwide have enacted legislation to secure data protection and privacy. The EU model, known for its stringent regulations, serves as a template for many nations. The US model emphasizes individual liberty protection from government intrusion, while China's Personal Information Protection Law (PIPL) focuses on preventing the misuse of personal data.

Conclusion:

As the DPDP Bill progresses through Parliament, it is crucial to engage in extensive discussions to address concerns, clarify ambiguities, and minimize discretionary powers. Balancing privacy rights, national security, and effective data governance is essential in the digital age. By enacting robust data protection laws, India can foster trust, facilitate secure data flows, and align with global standards. Aspiring UPSC candidates must stay informed about these developments shaping India's digital landscape and the evolving dynamics of privacy protection.

Source – Hindustan Times, Live Mint