OVERVIEW OF THE PERSONAL DATA
PROTECTION BILL
INTRODUCTION
With a growing
online footprint, one is at a higher risk of privacy breach than ever before.
Also, at this juncture employees and customers are increasingly becoming sensitive
about their privacy rights. So, legal framework was required to include
policies that support innovation, but which, simultaneously protects
individuals and entities from risks associated with data. Thus, data privacy
measures are both critical and can provide companies a real business advantage
if handled well.
The Ministry of IT,
Govt. of India (“MeitY”) constituted
a committee of experts chaired by Justice Sri Krishna for issues related to
data protection in India on July 31, 2017 (the “Sri Krishna Committee”). It submitted its report titled “Free and Fair Digital Economy, Protecting
Privacy and Empowering Indians” (“Report”)
and also the Personal Data Protection Bill, 2018 (“PDPB 2018”) on July 27, 2018.
The Report says
that legal regime must aspire to the common public good of both a ‘free’ and ‘fair’ digital economy. The Free
implies autonomy of the individual with regard to their personal data. And the Fairness pertains to developing a
regulatory framework where the existing inequalities in bargaining power
between individual and the entities that process such personal data is
mitigated.
In August 2017, the Supreme Court in K. S. Puttaswamy v. Union of India
(the “Judgement”) recognised right to privacy as a Fundamental Right. The
court stated that every person should have the right to control commercial use of their identity. The Judgement,
therefore, established that people (citizens and non-citizens) could assert
their individual rights against unlawful government invasions to their
privacy and it also imposed an obligation on the state to protect the
individual’s right to privacy by private entities.
Globally, the
enactment of the EU General Data
Protection Regulation (“GDPR”)
in 2016 which came into force in May, 2018 established a global norm in
personal data protection. The PDPB 2018 reflects principles contained in the
GDPR, while simultaneously attempting to bespoke the law to Indian needs.
Now, finally, the Government
has tabled a modified Personal Data
Protection Bill, 2019 (the “PDPB 2019”)
in the parliament on December 11, 2019. It has been sent to 20 members Joint
Parliamentary Committee for further deliberations. The Committee is expected to
submit its Report in the budget session (i.e., February, 2019).
