India’s data protection law needs refinement

Source: The Hindu

For Prelims: The European Union, General Data Protection Regulation (GDPR), Digital Personal Data Protection (DPDP) Bill, 2022, Competition Commission of India

For Mains: Digital Personal Data Protection 

Highlights of the Article:

1. India is in the process of drafting a data protection law for its over 1.4 billion citizens, but it needs refinement to avoid being toothless in effect.
2. The European Union's General Data Protection Regulation (GDPR) is considered one of the most comprehensive data privacy laws globally, but it has faced challenges in implementation.
3. The Indian government is likely to table the Digital Personal Data Protection (DPDP) Bill, 2022, which has undergone public consultation but still has critical gaps.
4. The DPDP Bill only focuses on protecting personal data, leaving out the potential risks posed by the combination of non-personal data with other datasets to identify individuals and impact user privacy.
5. The proposed data protection board cannot initiate proceedings on its own, limiting its effectiveness in enforcing the law and protecting users' rights.
6. To address these gaps, the article suggests including provisions in the DPDP Bill to penalize data-processing entities for re-identifying non-personal data as personal data and empowering the data protection board to take action on its own to protect users' rights.
7. Finding solutions to these issues would significantly improve the implementation and effectiveness of India's data protection law, making it more future-proof in the fast-evolving data economy.

Context: 

The context of the article is the need for refinement and improvement of India's data protection law. It highlights the challenges and potential shortcomings of the Digital Personal Data Protection (DPDP) Bill, 2022, which is the Indian government's third attempt at drafting a data protection law.

UPSC EXAM NOTES EDITORIAL ANALYSIS:

Challenges in Creating India's Data Protection Law:

• The article discusses the difficulties India faces while making a data protection law suitable for its large population of over 1.4 billion people.
• It compares this situation with Europe's General Data Protection Regulation (GDPR), which is popular but has faced some problems in its implementation.
• India needs to avoid making a weak data protection law and focus on ensuring it effectively protects people's privacy.

Critical Gaps in the Digital Personal Data Protection (DPDP) Bill:

• The article looks at the specific issues in India's proposed data protection law, called the Digital Personal Data Protection (DPDP) Bill.
• One significant problem is that the Bill only concentrates on safeguarding personal data and ignores the potential risks of combining non-personal data with other data to identify individuals.
• This limitation could leave people's privacy vulnerable in today's data-driven world. The article suggests adding rules to punish companies that turn non-personal data into personal data.

Empowering the Data Protection Board for Better Enforcement:

• The article also discusses the role of the proposed data protection board in enforcing the DPDP Bill.
• The board's limited power to start proceedings on its own could be a hurdle in protecting people's rights effectively.
• To improve this, the article suggests giving the data protection board the ability to take action on its own, similar to how the Competition Commission of India operates.

Conclusion:

By addressing these challenges and gaps and empowering the data protection board, India can create a strong and future-proof data protection law, providing meaningful privacy protection to its citizens in the digital age.