We Droit Penale: ILJCC have taken an initiative of starting our blog "Droit Penale NewsLetter" this shall be maintained by few members of our organisation.
This blog shall have the latest updates regarding legal facets of the societies at large. We invite bloggers to connect with us and share views or submit articles which can be posted and shared through this blog.
The Author is Tanmay Awasthi pursuing B.B.A. LL.B.(Hons.) from Jagran Lake City University, Bhopal.
the recent times, we are entering in a new world – a world of Digital Data Transfer. We
continuously exchange information internationally. Hence, the question that
arises in every mind globally revolves around the security of the information
which is often compromised.
In view of the global issue, India has come up with
its own regulation for safeguarding the privacy of the individuals which is
recognized as the Fundamental Right by the Apex Court of the India in the
judgment of Puttaswamy. The Personal Data Protection Bill, 2019 was presented
in the Lok Sabha by the Minister of the Electronics and Communication, Mr. Ravi
Shankar Prasad on December 11, 2019. This bill draw its inspiration from the
2018 draft prepared by the Retired Justice B.N. Srikrishna and has its
historical roots in General Data Protection Regulation i.e.GDPR.
The bill focuses on the
protection of such data which can be used to identify a person like biometrics,
financial details, religious and caste beliefs etc. This data is collected by
Data Fiduciaries that control how and why data is processed. It is this
processing of data that serves as an important profit source for big
corporations in advertisements. The bill, therefore, gives rights to the
individuals who provide data and obliges the government, companies incorporated
in India and foreign companies dealing with the personal data of individuals in
India to respect these rights.
of Bill –
·Data is the large
collection of information that is stored in a computer or on a network.
·Data is collected and
handled by entities called data
·While the fiduciary
controls how and why data is processed, the processing itself may be by a third
party, the data processor.
·The processing of this
data (based on one's online habits and preferences, but without prior knowledge
of the data subject) has become an important source of profits for big
·Apart from it, this has
become a potential avenue for invasion of privacy, as it can reveal extremely
·Also, it is now clear
that much of the future’s economy and issues of national sovereignty will be
predicated on the regulation of data.
·The physical attributes
of data — where data is stored, where it is sent, where it is turned into
something useful — are called data
flows. Data localisation arguments are premised on the
idea that data flows determine who has access to the data, who profits off it,
who taxes and who “owns” it
provisions of the Bill –
·The Bill includes
exemptions for processing data without an individual’s consent for “reasonable purposes”, including
security of the state, detection of any unlawful activity or fraud,
whistleblowing, medical emergencies, credit scoring, operation of search
engines and processing of publicly available data
·The Bill calls for the
creation of an independent
regulator Data Protection Authority, which will oversee
assessments and audits and definition making.
·Each company will have
a Data Protection Officer (DPO) who
will liaison with the DPA for auditing, grievance redressal, recording
maintenance and more.
·The Bill proposes “Purpose limitation” and “Collection limitation” clause,
which limit the collection of data to what is needed for “clear, specific, and
·It also grants
individuals the right to data
portability and the ability to access and transfer one’s own data. It
also grants individuals the right to data portability, and the ability to
access and transfer one’s own data.
·Finally, it legislates
on the right to be forgotten. With historical roots in European Union
Data Protection Regulation (GDPR),
this right allows an individual to remove consent for data collection and
·The Bill stated
the penalties as:
Rs 5 crore or 2 percent of worldwide turnover for minor violations and Rs 15
crore or 4 percent of total worldwide turnover for more serious violations.
of the Data Protection Bill, 2019 –
can help law-enforcement agencies access
data for investigations and enforcement - As of now, much of cross-border data
transfer is governed by individual bilateral “mutual legal assistance
treaties”. Accessing data through this route is a cumbersome process.
·Instances of cyber
attacks and surveillance will be checked.
·Social media is being
used to spread fake
news, which has resulted in
lynchings, national security threats, which can now be monitored, checked and
prevented in time.
·Data localisation will
also increase the ability of the Indian government to tax Internet giants.
·Strong data protection
legislation will also help to enforce data sovereignty.
Cons of the Data Protection Bill, 2019 –
·Many contend that the
physical location of the data is not relevant in the cyber world. Even if the
data is stored in the country, the encryption keys may still be out of reach of
·National security or reasonable purposes are
an open-ended terms, this may lead to intrusion of state into the private lives
·Technology giants like
Facebook and Google have criticised protectionist
policy on data protection (data localisation). They fear that
the domino effect of
protectionist policy will lead to other countries following suit
supress the values of a globalised, competitive internet marketplace, where
costs and speeds determine information flows rather than nationalistic borders.
·Also, it may backfire
on India’s own young startups that
are attempting global growth, or on larger firms that process foreign data in
to the Supreme Court in the Puttaswamy
judgment (2017), the right to privacy is a
fundamental right and it is necessary to protect personal data as an essential
facet of informational privacy, whereas the growth of the digital economy is
also essential to open new vistas of socio-economic growth.
this context, the government policy on data protection must not deter framing
any policy for the growth of the digital economy, to the extent that it doesn’t
impinge on personal data privacy.