Draft Data protection bill and its concerns

December 06, 2018
6 months

What is the issue?

The draft data protection bill falls short of nuances in protecting the digital identity of the people and it needs a re-look.

What are the provisions?

  • The draft bill notes that the right to privacy is a fundamental right.
  • On data portability, it suggested that critical personal data of Indian citizens, which centre notifies, should be processed in centres located within the country.
  • Other personal data may be transferred outside the territory of India with some conditions.
  • It has recommended setting up a Data Protection Authority to prevent misuse of personal information.
  • It also provides for setting up an Appellate Tribunal.
  • It suggested that the Aadhaar Act requires several modifications and provisions for regulatory oversight.
  • It also provides for penalties and compensation for violations of the data protection law.

What are the concerns?

  • The UIDAI will be both the data fiduciary and the regulator for Aadhaar, which creates a conflict of interest.
  • Even though personal data can be transferred outside India, data fiduciaries will be required to store a local copy in India, questioning the surveillance requirement of the state.
  • The draft says that processing of sensitive personal data should be on the basis of “explicit consent” of the data principal.
  • However, over dependence on consent and notice is unlikely to succeed in a country with low digital literacy.
  • Though it is mentioned that personal data shall be processed in a fair and reasonable manner, the follow-up measures by the regulator are non-specific.
  • Though the draft provides penalty, only ex-post accountability measures are suggested, whereas preventive measures that needs to be taken before a possible security threat are lacking.

What more does the draft could include?

  • The data protection framework should include guidelines for the various use cases of authentication, authorisation and accounting.
  • The committee does discuss artificial intelligence and big-data analytics but it should be followed up by defining clear-cut guidelines for their safe use.
  • There should be detailed analyses of how state surveillance can be achieved without enabling undesirable mass surveillance that may threaten civil liberty and democracy.
  • The bill needs to evaluate the data processing requirements of the diverse private sector and how these requirements may infringe upon privacy.
  • Finally, protection against both external and insider attacks in large data establishments, both technically and legally has to be ensured at any cost.


Source: The Indian Express


Login or Register to Post Comments
There are no reviews yet. Be the first one to review.
UPSC Admissions 2019