Enacting data privacy law need of the hour
The new draft of digital data privacy law aims to keep the Indian data safe and secure.
The new draft of digital data privacy law aims to keep the Indian data safe and secure. There are many initiatives which address the concerns of the industry. According to the Ministry of Electronics and IT (MeitY), the new draft strikes a delicate balance between the needs of the industry and the Supreme Court's ruling on privacy as a fundamental right. Taking these factors into account, reasonable restrictions have also been imposed. Firstly, the draft law proposes to ease data storage law. In a significant relief to global technology giants including Meta, Google, and Amazon among others; the draft law proposes to allow storage of Indian data in other friendly countries.
The government will "notify such countries or territories outside India to which a data fiduciary may transfer personal data" after receiving the feedback from the public. Similarly, the draft proposes a penalty of up to Rs 250 crore in case the data fiduciary or data processor fails to protect against personal data breaches. Penalties can go up to Rs 500 crore for violating various provisions of the proposed law.
Similar to Europe's general data protection regulation (GDPR), the proposed bill will apply to entities operating in the country along with for companies processing the data of Indian citizens. However, there are also red flags raised by experts. The bill proposes to provide wide-ranging exemptions to the centre and its agencies with little safeguards. Many feel that this is one of the major concern areas wherein personal data can be assessed by public authorities with little restrictions. The government argued that "national and public interest is at times greater than the interest of an individual", justifying the need for such exemptions. As the government is the biggest user of data, broad exemptions proposed in the draft can defeat the very purpose of privacy. Moreover, the bill doesn't cover data stored in non-digital format.
As much of data collected in rural areas in physical format, there is a scope for public authorities to escape the scrutiny. It is also worth noting that the new bill has just 30 clauses compared to the more than 90 in the previous one. Therefore, a lot of operational details have been left to subsequent rule-making. It raises fear about the possibility of more relaxation for government authorities. Moreover, penalty is proposed to be imposed on companies without taking into account their turnovers.
So, the draft bill is a mixed bag with both hits and misses. On one hand, it takes care of the industry concerns on data storage, it proposes to provide sweeping powers to the government bodies on the other hand. Of course, the bill is currently under public consultations and is likely to inculcate the changes proposed by the general public. Given the complexity of India, it is necessary that the country formalises the privacy act as soon as possible. In a digital world, any further delay to legislate a privacy law will endanger Indian data. Cyberbreaches and subsequent loss of money by both enterprises and individuals have risen in alarming proportions in recent years.
Therefore, it will be better if the lawmakers can finalise the law at the earliest.