Introduction

In the 21st century, the youth is glued to their cell phones or tablets. Not only youngsters but also the adults are surrounded by technology. These days the bill payments, shopping etc are done through electronic mode. It becomes necessary on the part of the government to ensure that the transactions are safe and full privacy is ensured. When you make any online payment, you give access to all your valuable data. Data is as precious as money in the present time.

Data privacy refers to how a piece of information should be handled. In the digital age, the government passed the Protection of Persons Data Bill, 2018 when you open a bank account or make an ADHAAR card you share all the important details with the government. The bill discusses to what extent can the information be used by the authorities and the rules surrounding transfer of personal data outside the nation. The Bill is currently pending as the Information and Technology Ministry has decided to do several changes.

Question 1 – What is the object of the Bill?

Answer 1 – The government of India in the year 2017, decided to study various issues relating to data protection in India. They formed a committee headed by Justice Shri B N Srikrishna to analyse the data protection concept. The committee formed the idea and in the year 2018 submitted the draft to Ministry of Information and Technology. 

Question 2 – Who is obligated towards the Bill?

Answer 2 – The Protection of Persons Bill, 2018 applies to both the government and private companies. All those who take information from customers are obligated towards the bill. The bill will apply to those individuals also who are not in the nation and carry out transaction. They will be obligated if they do any business in India or do any activity which involves profiling of data principals within the nation.

Question 3 – How important is the bill?

Answer 3 – The people who give their data have the right to get their data erased from the records and the right to not get their data exploited. The users through this bill can also ask a copy for the data entered and have the right to get it corrected. The data can only be collected with consent. The bill also talks about transgender and intersex people. It discusses the rights of LGBTQI community. It mentions that knowing ‘transgender status’ comes under ‘Sensitive Personal Data’

Question 4 – What is data fiduciary?

Answer 4 When a person gives his information to the other person, he establishes a trust with him. The person entrusted with the data is called data fiduciary.

Question 5 – What are the rights available to data subjects?

Answer 5 - The Personal Data Protection Bill,2018 gives several rights to data principals –

  • Right to be Forgotten – if an individual denies the processing of the data, he has the right to get it deleted.
  • Right to Correction – the holder of the data i.e. data principal have the right to get their personal information updated and corrected.
  • Right to Conformation and Access – The data principals have the right to know the manner in which their data will be processed. The data can be made available to them in a more lucid and understandable way.
  • Right to Portability – The data principals have the right to port their data so that it becomes easier for individuals to understand personal data.

Moreover, the individual has full authority to know if his data is breached.

Question 6 – What is the basis on which Sensitive Personal data can be processed?

Answer 6 – The Protection of Person Rights Bill, 2018 defines Sensitive Personal Data as the data that is very much related to the individual. Such type of information include passwords, financial data, health data, sex data, sexual orientation, transgender status, political or religious belief. All this is mentioned under Section 22 of the Persons Rights Bill. The sensitive data can be processed –

  • The data can be processed when there is explicit consent (Sec 18). The term explicit consent means when the consent delivered is informed, clear and specific.
  • The sensitive personal data can be processed for the functions of the State when there is any form of work of the Parliament or any other. (Sec19)
  • The personal sensitive data can also be used if there is any order by the court or any tribunal. (Sec 20)
  • The data can also be taken if there is any sort of medical emergency or to provide assistance in disasters. (Sec 21)

Question 7 – What are the penalties in case of violation?

Answer 7 – The penalties and remedies are given from Section 69 to Section 78 of the proposed Bill.

  • If any data fiduciary does not comply with the request made by data principal then the data fiduciary shall be liable to a penalty of Rs five thousand rupees for each day subject to a maximum of ten lakhs rupees. (Sec 70)
  • If any data fiduciary does not furnish any report or information asked by the Authority then that data fiduciary shall be liable to a penalty which shall be ten thousand per day and maximum to twenty lakh rupees. (Sec71)
  • If the data fiduciary does not comply with the orders of the Authority under sec 62 or sec 65 then he will liable for a fine which is payable up to two crore rupees. (Sec72)
  • If the person fails to comply to anything laid under the bill and there is no separate penalty then it will lie under section 73. The penalty will be up to five crore rupees.
  • The bill has also laid down provision for compensation. It has mentioned that on any sort of violation the data principal has a right to compensation.
  • Section 76 mentions that any sort of punishment will not stop other acts from giving punishment.

Question 8 – Define the Offences under this Bill?

Answer 8 – The offences are described in this Bill from Section 90 to 96. The offences are as stated –

  • If any person goes against the Act and obtains, discloses, transfers or sell personal data will be punished with imprisonment for a term not exceeding three years.
  • If a person obtains, sells, discloses or transfers sensitive personal data then he shall be liable for imprisonment for a term exceeding not five years or fine up to three lakh rupees.
  • The offence for going against the bill shall be cognizable and non bailable. (Sec 93)
  • The police officer who investigated the case should not be below the rank of Inspector. (Sec 94)
  • The companies can also commit any offence laid down under the Bill. Section 95 talks about such cases. If any data breach act is committed by the company then every person who was in charge of the act shall be liable to be proceeded against any action.
  • The Central and State departments can also be held liable for data breach under Section 96.

Question 10 – Are there any provisions for acts done in good faith?

Answer 10 – Under Section 100 of the Bill, no suit can be brought forward for the act done in good faith. No authority or chairperson or member shall be held liable for anything which is done under good faith.

The bill has been made in an astute manner by the committee. It has taken into concern all the sections of the society be it transgender or intersex. The bill has also taken into consideration the information of children. The data of children is the most vulnerable. It has kept exemptions and safeguards to make it a proper bill.

Picture Source :

 
Simran Sabharwal