Will Digital Personal Data Protection Bill violate privacy of citizens?

Source:The Indian Express

For Prelims: The Digital Personal Data Protection Bill, 2022 (DPDP Bill, 2022),   Digital India Bill, Indian Telecommunication Bill, 2022, Information Technology Act, 2000 ,Justice B. N. Srikrishna Committee on Data Protection,  Crime and Criminal Tracking Network and Systems (CCTNS), Central Monitoring System (CMS), National Intelligence Grid (NatGrid),  PUCL vs Union of India case(1996)

For Mains: The Digital Personal Data Protection Bill, 2022 (DPDP Bill, 2022) 

Highlights Of the Article:

• The Digital Personal Data Protection Bill, 2022 (DPDP Bill, 2022) is a crucial part of the comprehensive technology regulations being developed in India.
• The Bill aims to strike a balance between acknowledging individuals' entitlement to safeguard their digital personal information and the necessity of processing personal data for legitimate objectives.
• Legal scholars argue that the DPDP Bill aligns with the objectives of the Digital India initiative, which seeks to empower the country digitally and create a knowledge-based economy.
• The Bill focuses on handling digital personal data while recognizing the importance of safeguarding individuals' personal information and the need for data processing.
• The proposed legislation does not intend to prohibit the use of personal data, but it establishes obligations for companies to adhere to, including obtaining explicit consent for data processing.
• Individuals' rights are protected, allowing them to access, rectify, and delete their personal data. They can also revoke consent if desired and address grievances regarding data handling.
• The DPDP Bill grants exemptions to government-designated data fiduciaries from certain obligations related to data aggregation.
• The Bill specifies specific circumstances under which the government can access citizens' personal data, such as national security, pandemics, and natural disasters.
• Critics argue that the DPDP Bill lacks provisions for surveillance reform, potentially leading to expanded data collection and retention.
• Concerns arise about potential infringements on the right to privacy due to exemptions granted to government agencies.
• The Justice B. N. Srikrishna Committee on Data Protection was instrumental in establishing the need for data protection legislation in India.
• The DPDP Bill has undergone a journey of development, with previous versions such as the Personal Data Protection Bill, 2019, introduced in Parliament but later withdrawn in 2022.
• Existing legal frameworks, including the Information Technology Act, 2000, have been insufficient in safeguarding personal data in India.
• Mass surveillance initiatives like Crime and Criminal Tracking Network and Systems (CCTNS), Central Monitoring System (CMS), and National Intelligence Grid (NatGrid) raise concerns about data privacy.
• The PUCL vs Union of India case (1996) established the necessity for any violation of the right to privacy to be commensurate with the requirement for such encroachment.

Context:

The context of the article is the upcoming debate surrounding the Digital Personal Data Protection Bill, 2022 (DPDP Bill, 2022) in India. The bill is related to data protection regulations and is expected to be presented in Parliament during the Monsoon session of 2023.

UPSC EXAM NOTES ANALYSIS:

   1. Overview of the Digital Personal Data Protection Bill and its Context:

• The article talks about the importance of the Digital Personal Data Protection Bill, 2022 (DPDP Bill, 2022) in India's efforts to regulate data protection. This bill is part of a larger set of technology regulations that includes the Digital India Bill and the draft Indian Telecommunication Bill, 2022.
• The DPDP Bill is expected to be presented in Parliament during the Monsoon session of 2023. It aims to protect people's personal data while also considering the need to use data for legitimate reasons.

2. Arguments in Favor of the DPDP Bill:

• Some experts support the DPDP Bill, saying it aligns with the Digital India initiative, aiming to make India a digitally empowered society and boost the knowledge-based economy. The bill focuses on managing digital personal data while keeping individuals' information safe.
• The proposed legislation doesn't want to stop using personal data altogether but wants to set rules for companies to follow. It insists on obtaining clear permission from individuals before processing their data. People have the right to access, correct, and delete their data, and they can also withdraw their consent if needed.
• The DPDP Bill provides certain exemptions to government-designated data fiduciaries, allowing them some flexibility while handling data for business purposes.

3. Concerns and Arguments Against the DPDP Bill:

• However, some critics express concerns about the DPDP Bill. They worry that it lacks provisions to reform surveillance practices, which might lead to more data collection and retention, possibly violating privacy rights.
• The exemptions granted to government agencies for state security and public order reasons might infringe on people's right to privacy. Some doubt whether the bill achieves a fair balance between citizens' rights and the state's interests.
• The article mentions a previous court case (PUCL vs Union of India, 1996) that highlighted the need for any privacy violations to be justified by a genuine need. Critics question if the exemptions provided in the bill meet this requirement.

4. Implications of the DPDP Bill and Existing Legal Frameworks:

• The DPDP Bill came into being after the Justice B. N. Srikrishna Committee on Data Protection was set up in 2017 to study data protection matters in India.
• Previous versions of the bill, like the Personal Data Protection Bill, 2019, were introduced but later withdrawn. India lacked comprehensive data protection laws before this bill was proposed.
• The article raises concerns about surveillance programs like Crime and Criminal Tracking Network and Systems (CCTNS), Central Monitoring System (CMS), and National Intelligence Grid (NatGrid). The article questions how these initiatives impact data privacy without comprehensive legal frameworks.
• Some believe that the DPDP Bill falls short in addressing surveillance reform and holding the government accountable for data processing.

Conclusion:

The article offers a thorough analysis of the Digital Personal Data Protection Bill, 2022, in the context of data protection regulations in India. It explains both the positive aspects and the concerns related to the bill, focusing on the complexities of data protection, privacy, and state accountability in the digital era.