The Author is Tanmay Awasthi  pursuing  B.B.A. LL.B.(Hons.) from Jagran Lake City University, Bhopal.

In the recent times, we are entering in a new world – a world of Digital Data Transfer. We continuously exchange information internationally. Hence, the question that arises in every mind globally revolves around the security of the information which is often compromised.
In view of the global issue, India has come up with its own regulation for safeguarding the privacy of the individuals which is recognized as the Fundamental Right by the Apex Court of the India in the judgment of Puttaswamy. The Personal Data Protection Bill, 2019 was presented in the Lok Sabha by the Minister of the Electronics and Communication, Mr. Ravi Shankar Prasad on December 11, 2019. This bill draw its inspiration from the 2018 draft prepared by the Retired Justice B.N. Srikrishna and has its historical roots in General Data Protection Regulation i.e.  GDPR.
The bill focuses on the protection of such data which can be used to identify a person like biometrics, financial details, religious and caste beliefs etc. This data is collected by Data Fiduciaries that control how and why data is processed. It is this processing of data that serves as an important profit source for big corporations in advertisements. The bill, therefore, gives rights to the individuals who provide data and obliges the government, companies incorporated in India and foreign companies dealing with the personal data of individuals in India to respect these rights.

Significance of Bill –
·         Data is the large collection of information that is stored in a computer or on a network.
·         Data is collected and handled by entities called data fiduciaries.
·         While the fiduciary controls how and why data is processed, the processing itself may be by a third party, the data processor.
·         The processing of this data (based on one's online habits and preferences, but without prior knowledge of the data subject) has become an important source of profits for big corporations
·         Apart from it, this has become a potential avenue for invasion of privacy, as it can reveal extremely personal aspects.
·         Also, it is now clear that much of the future’s economy and issues of national sovereignty will be predicated on the regulation of data.
·         The physical attributes of data — where data is stored, where it is sent, where it is turned into something useful — are called data flows. Data localisation arguments are premised on the idea that data flows determine who has access to the data, who profits off it, who taxes and who “owns” it

Key provisions of the Bill –
·         The Bill includes exemptions for processing data without an individual’s consent for reasonable purposes”, including security of the state, detection of any unlawful activity or fraud, whistleblowing, medical emergencies, credit scoring, operation of search engines and processing of publicly available data
·         The Bill calls for the creation of an independent regulator Data Protection Authority, which will oversee assessments and audits and definition making.
·         Each company will have a Data Protection Officer (DPO) who will liaison with the DPA for auditing, grievance redressal, recording maintenance and more.
·         The Bill proposes Purpose limitation and Collection limitation clause, which limit the collection of data to what is needed for “clear, specific, and lawful” purposes.
·         It also grants individuals the right to data portability and the ability to access and transfer one’s own data. It also grants individuals the right to data portability, and the ability to access and transfer one’s own data.
·         Finally, it legislates on the right to be forgotten. With historical roots in European Union law, General Data Protection Regulation (GDPR), this right allows an individual to remove consent for data collection and disclosure.
·         The Bill stated the penalties as: Rs 5 crore or 2 percent of worldwide turnover for minor violations and Rs 15 crore or 4 percent of total worldwide turnover for more serious violations.

Pros of the Data Protection Bill, 2019 –
·         Data localisation can help law-enforcement agencies access data for investigations and enforcement - As of now, much of cross-border data transfer is governed by individual bilateral “mutual legal assistance treaties”. Accessing data through this route is a cumbersome process.
·         Instances of cyber attacks and surveillance will be checked.
·         Social media is being used to spread fake news, which has resulted in lynchings, national security threats, which can now be monitored, checked and prevented in time.
·         Data localisation will also increase the ability of the Indian government to tax Internet giants.
·         Strong data protection legislation will also help to enforce data sovereignty.

Cons of the Data Protection Bill, 2019 –
·         Many contend that the physical location of the data is not relevant in the cyber world. Even if the data is stored in the country, the encryption keys may still be out of reach of national agencies
·         National security or reasonable purposes are an open-ended terms, this may lead to intrusion of state into the private lives of citizens
·         Technology giants like Facebook and Google have criticised protectionist policy on data protection (data localisation). They fear that the domino effect of protectionist policy will lead to other countries following suit
·         Protectionist regime supress the values of a globalised, competitive internet marketplace, where costs and speeds determine information flows rather than nationalistic borders.
·         Also, it may backfire on India’s own young startups that are attempting global growth, or on larger firms that process foreign data in India.

Conclusion –
According to the Supreme Court in the Puttaswamy judgment (2017), the right to privacy is a fundamental right and it is necessary to protect personal data as an essential facet of informational privacy, whereas the growth of the digital economy is also essential to open new vistas of socio-economic growth.
In this context, the government policy on data protection must not deter framing any policy for the growth of the digital economy, to the extent that it doesn’t impinge on personal data privacy.