Most of the websites and software we use today request our personal information, and sometimes that includes our financial and biometric data. We frequently produce these pieces of information without having second thoughts, don't we? But have you ever thought these could be manipulated by others in several ways?
As technology is very advanced today, this misuse of information is less hard than it was in the bygone days. And sometimes, while installing certain software, we tend to give access to our personal information without even minding what all are we giving access to.
But don't be alarmed as this is where the Personal data protection bill comes into play. Let's take a look at what it is.
In July 2017, the Ministry of Information and Technology of India introduced a panel to examine issues associated with data protection. This committee was chaired by retired Supreme Court judge Justice B. N. Srikrishna and this panel submitted a draft on this in July 2018. After further deliberations, the bill was introduced in Lok Sabha by Mr. Ravi Shankar Prasad, the Minister of Information and Technology on 11 December 2019.
What does this bill do?
The Personal Data Protection Bill, 2019 directs the usage of data by
- Companies incorporated in India, and
- Foreign companies dealing with personal data of individuals in India.
But what is this personal data?
Personal data is data that concerns characteristics, traits, or attributes of identity, which can be utilized to recognize an individual. The Bill also categorizes some data as sensitive personal data that includes financial data, biometric data, caste, religious or political beliefs, in consultation with the Authority and the concerned sectoral regulator.
According to this Bill, the procession of personal data will be subject to a certain purpose, collection, and storage limitations, which means that personal data can only be used for specific, clear, and lawful purposes. Along with that, each data fiduciary should undertake measures like implementing security safeguards and establishing grievance redressal mechanisms.
The Bill allows the usage of data by fiduciaries only if approval is provided by the individual. Nevertheless, in specific situations, personal data can be processed without consent. These comprise:
- If demanded by the State,
- Judicial procedures,
- To acknowledge to a medical emergency.
What rights does this Bill offer to the individual?
The Bill establishes out certain rights of the individual too. These involve the freedom to get consent from the fiduciary on whether their data has been handled, attempt rectification of mistaken, or outdated personal data, have personal data shifted to any other data fiduciary if required, and limit the exposure of their data by a fiduciary if it is no longer required.
What if someone commits an offense?
Offenses and punishments under the Protection of Personal Data Bill include:
- Processing or transferring personal data without consent, which is culpable with a penalty of Rs 15 crore or 4% of the annual turnover of the fiduciary.
- Failure to conduct a data audit, condemned to a fine of Rs 5 crores or 2% of the annual turnover of the fiduciary.
- Re-identification and processing of de-identified data without approval, punishable with imprisonment up to 3 years, or a fine, or both.
Overall, The Bill intends to cater for the security of the privacy of individuals relating to their data, define the progress and usage of personal data, build a relationship of credence among persons and entities processing the personal data, preserve the fundamental rights of individuals whose personal data are processed, and to build a structure for organizational standards in the processing of data.