Data Protection Bill and Right To Privacy
Data Protection priority was known as privacy laws and it started gaining importance with the advent of computers in the 1970s. From 1973-1974, the council of Europe is known as the European Commission. Later on 21st January they basically started talking about this as a Data Protection Act.
This was 1981 from there onwards till 1995 they travelled and from 1995-2016, finally, it was called as General Data Protection Regulation (GDPR). There was a huge change in the Act itself. By the time we turned GDPR the entire handling of data came under the ambit, which means right from the initiations of data within the organization to travelling and discarding of data.
The supreme court interpreted informational privacy as a fundamental right under Articles 14, 19, 21, 25 of the constitution of India. Justice K.S. Puttaswamy vs. Union of India. Though the committee headed by B.N. Srikrishna was formed to dwell and issues governing data protection in India.
The committee submitted the report in 2018 to the Ministry of Electronics and Information along with a draft Personal Data Protection Bill. The Personal Data Protection Bill, 2019 is based on the recommendations of the committee and various other corporate offices and suppliers.
Why India needs Data Protection Bill:
The bill as stated in the preamble provides for the protection of the privacy of every individual relating to their personal data. Such as business records, transactions, passwords and many important credentials such as Aadhar, Pan numbers saved in data. When the IT Act 2000, came into force on October 17, 2000, all the laws and procedures of the whole given Act lacked the protection and provisions required to protect the once sensitive personal information provided electronically.
This led Informational Technology Bill, 2006 in the Indian Parliament which led to the Information Technology (Amendment) Act, 2008 come into force on October 27, 2009. It inserted section 43A in the Informational Technology Act.
Personal Data Under Bill Defined
Now corporate bodies are dealing with these sensitive data for information and are negligent in maintaining reasonable security to protect such data or information.
Personal data is the data relates to a person and their characteristics and other features which help in identifying that person.
Data includes Financial Data, health data, Sexual Orientation, Biometric Data, Transgender
status, Caste or Tribe, Religious and Political affiliation.
Critical Personal Data
It refers to those data which will be notified by Central Government as Critical Personal Data which thereby causes wrongful loss or wrongful gain to any person.
Processing of Personal Data Without Consent
The bill proposes, the processing of data fiduciaries only if consent is allowed to provide it by themselves,
There are certain exceptions under the personal data can be processed without consent such as:
i) Legal Proceeding.
ii) If requisitioned by the state for providing benefits to the individual.
Though as we can see when we open Facebook or any social media we see that whatever thing we searched on Google or any other search engine, they catch all our searching data’s and cookies and saves them.
Then when we open a new tab or any other social media, take eg. Facebook, Twitter, Instagram or Youtube, in these platforms we see some advertisements, which shows our past searched items/shopping items because they store every cookie including passwords.
Most of the time we see they give redirect advertisements on that any social media pages that we have looked at before, the privacy is so weak and they never asked for our permission. The privacy should provide end to end encryption in these too. Same as Whatsapp updated in 2019.
Collection of Personal Data shall be limited to such data that is necessary for the purposes of the processing.
Notice should be given before the collection or processing of Personal Data.
Personal Data shall be retained of the purpose for which even used & shall be deleted at the end of the processing.
Without consent from the data principal, the data should not be taken. Consent must be required during the commencement of the data.
Age must be verified & parental consent must be processed before obtaining the data. It may contain sensitive personal data’s of the family& coworkers.
Data Fiduciary Must Undertake Certain Accountability Measures:
Implementing high-security safeguards (such as data encryption & preventing misuse of data).
Audit its policies & conduct of the policies must be done every year for future safety.
Pursuant of the GDPR & PDPB being enacted into an Act, there are several compliances to be followed by organizations. Processing personal data to ensure the protection privacy of individuals relevant to personal data.
Consent of the individual would be requested for the processing of personal data. Based on the personal data’s which are connected with any organization & that has to be updated after time to time under data protective policies. Passwords, codes should be earned these are consistent with revised principles such as updating their internal procedures.
Implementing organizational measures to prevent from misusing of data. Data protection officer to be appointed by the significant data fiduciary officers. Which can handle & have many ideas to take care of data’s from other cyber hijacking mechanisms.