The government on Thursday introduced the Digital Personal Data Protection Bill, 2023 in the Lok Sabha amid protest from opposition members who demanded that the bill be referred to the standing committee for thorough scrutiny. The Bill seeks to regulate the processing of digital personal data while ensuring citizens’ right to privacy.
On Tuesday, the parliamentary standing committee on communications and information technology had presented its forty-eighth report to Parliament, highlighting the need for a dedicated legislation on data privacy. The report says that the rapid digitisation of the Indian economy and the consequent explosion of personal data have revolutionised the lives of Indian citizens, introducing new possibilities for growth, development, and improved governance.
This digital transformation has also brought forth significant concerns regarding data privacy and security. In response to these challenges, the Supreme Court of India, in its landmark 2017 judgment, affirmed the right to privacy as a fundamental right protected under the Indian Constitution.
The report emphasises that while digitisation has significantly improved service delivery and ease of living for individuals, it has also exposed them to potential harm resulting from data misuse. Therefore, the protection of digitised personal data becomes imperative, and the proposed bill seeks to address this pressing need.
In recent years, the digitisation of personal data has revolutionised service delivery and improved the ease of living for millions of people. However, it has also exposed individuals to potential harm due to data misuse and cybercrimes. To address these concerns, the 48th Report of the Parliamentary Standing Committee on Communications and Information Technology highlights the urgent need for comprehensive laws and regulations to safeguard personal data. This report presents a detailed analysis of the Committee’s recommendations, which aim to foster an environment of openness, safety, trust, and accountability in the digital ecosystem.
The digital revolution has accelerated the generation and processing of personal data in various sectors, from financial services to healthcare and social media. The Committee acknowledges that this rapid digitisation has significantly improved service delivery, convenience, and accessibility. However, it also recognises the inherent risks of personal data misuse, unauthorised access, and cybercrimes. As individuals’ dependence on digital services grows, ensuring robust personal data protection becomes imperative.
Recognising the right to privacy
The Committee emphasises that the right to privacy is a fundamental right enshrined in Article 21 of the Indian Constitution. The landmark judgment of the Supreme Court in the case of Justice K. S. Puttaswamy (Retd.) and Anr. vs. Union of India and Ors. recognised the importance of safeguarding privacy in the digital age. This landmark decision underscored the need for a robust data protection regime to protect individuals’ fundamental right to privacy.
Importance of digital data protection law
The report delves into the significance of enacting a comprehensive data protection law. While recognising the efforts made with the introduction of the Personal Data Protection Bill, 2019, the Committee notes its withdrawal in August 2022. The absence of a well-defined data protection law leaves individuals and entities vulnerable to data breaches, misuse, and inadequate safeguards. The report stresses the urgency of enacting a new data protection law that comprehensively addresses the challenges posed by the evolving digital landscape.
Inclusive consultation process
The Committee commends the Ministry for its thorough and inclusive consultation process during the drafting of the Digital Personal Data Protection Bill, 2022. By inviting public comments and engaging in inter-ministerial consultations, the Ministry ensured comprehensive input from various stakeholders. The Committee notes that 21,666 comments were received from stakeholders, which indicates a significant level of public interest and participation in the legislative process. The incorporation of stakeholder feedback into the draft bill demonstrates the government’s commitment to transparency and responsiveness.
Embracing international best practices
To enhance the effectiveness and alignment of the proposed Digital Personal Data Protection Bill, the report highlights the government’s efforts to draw inspiration from international best practices. By examining personal data protection laws in Singapore, Australia, the European Union, and the United States, the Ministry aimed to ensure that the bill is compatible with global standards. By incorporating principles such as lawful, fair, and transparent usage of personal data, data minimisation, accuracy, storage limitation, and reasonable safeguards, the draft bill aligns with established international norms.
Ensuring robust safeguards
The report underscores the need for robust safeguards in the proposed bill to protect sensitive data, especially data pertaining to children. The requirement for parental consent before processing personal data of children and the prohibition of detrimental practices like tracking, behavioural monitoring, or targeted advertising are steps towards safeguarding the interests and privacy of minors. The report highlights the importance of educating the public about their rights, consent mechanisms, and notice requirements to enable them to make informed choices about their personal data.
Enhancing citizen awareness
Citizen awareness and education are essential pillars of effective data protection. The Committee emphasises the significance of raising awareness about alternative dispute resolution mechanisms and remedies available in civil courts for individuals affected by data breaches or violations. Collaborative efforts with State/UT Governments are recommended to organise impactful awareness campaigns, workshops, and training programs to ensure that citizens are well-informed about their rights and the recourse available to them.
Civil liability vs. criminal liability
The report clarifies that the Digital Personal Data Protection Bill primarily imposes civil liabilities, ensuring that breaches are addressed through civil claims and compensation. However, the report also notes that criminal liability under certain sections of the Indian Penal Code may be invoked in cases of data theft and serious breaches of personal data. The Committee recommends publicising the availability of criminal liability to deter potential wrongdoers and to instil public confidence in data protection measures.
The draft bill grants rule-making power to the Central government to address the dynamic nature of the digital ecosystem. The Committee acknowledges the importance of flexibility in data protection laws to respond to technological advancements and emerging challenges. It acknowledges that rule-making powers are common in legislation and serve to make implementation practical and feasible. However, the Committee also stresses the need for responsible and judicious use of these powers to ensure that data protection laws remain effective, efficient, and aligned with constitutional principles.
The 48th Report of the Parliamentary Standing Committee on Communications and Information Technology reiterates the urgent necessity for a robust and comprehensive data protection law. The report emphasises the significance of inclusivity, citizen awareness, and alignment with international best practices to create a protective framework for personal data in India’s rapidly evolving digital landscape.
By heeding the Committee’s recommendations, India can foster a secure and trustworthy digital ecosystem, empowering individuals with control over their personal information while promoting economic growth and innovation. The enactment of a comprehensive data protection law will be a significant step forward in safeguarding citizen’s data and privacy in the digital age.
(This article has been written with artificial intelligence inputs.)