Personal Data Protection Bill 2019

-
Data protection means safeguarding private laws and prevent intrusion of outside parties from collecting, storing and circulating personal data. Personal data means information which relates to a person who can be identified through that information collected from various sources. 
The constitution does not explicitly provide for right to privacy but in the landmark 2017 judgment of Justice K.S. Puttaswamy  (Rtd) v. Union of India, the Supreme Court held that Right to Privacy is an integral part of right to life and personal liberty under Article 21 and part of personal freedoms guaranteed under the Constitution. This judgment was considered a victory in the concept of privacy in India. Currently there are no comprehensive and vigorous data protection legislations in India though there are relevant provisions for dealing with personal data under Information Technology Act 2000 ("IT Act")
Post this judgment, there was a dire need for a law which would deal with data protection so the Ministry of Electronics and Information Technology introduced Personal Data Protection Bill 2019 ("Bill") to the Lok Sabha on 11th December 2019. The main aim of this Bill was to introduce provisions related to protection of privacy of individuals regarding their personal data and establishment of Data Protection Authority of India. The Bill if enacted will replace the Section 43A of the IT Act which talks about compensation to be paid by companies in case of failure of protection of data. 
The Bill defines "personal data" as data related to a natural person directly or indirectly identifiable through characteristic, trait, attribute or any other identity feature whether online or offline or any combination of such features with other information and will include inference drawn from such data for profiling. This Bill is applicable to personal data:
  1. which has been collected, disclosed, shared or processed within India;
  2. which is processed by an Indian company, State, any citizen of India or body of persons incorporated under Indian law;
  3. which is processed by data fiduciaries or data processors not present within India if such processing is:
  • related to any business in India or any systematic activity of offering goods or services to data principals within India;
  • related to any activity involving data principals profiling within India.
The Bill will not be applicable to anonymised data except those anonymised data or other non-personal data which enables better targeting of of delivery of services or formulation of evidence-based policies by Central Government. The Bill defines anonymised data as data which has undergone the process of anonymisation. Anonymisation as irreversible process of transformation or conversion of personal data in a form of data principal which cannot be identified which meets the standards of irreversibility as specified by Data Protection Authority of India. 
The Bill defines "sensitive personal data" as data which may be related to or constitute the following:
  1. financial data
  2. health data
  3. official identifier
  4. sex life
  5. sexual orientation
  6. biometric data
  7. genetic data
  8. transgender status
  9. intersex status
  10. caste or tribe
  11. religious or political belief or affiliation
  12. any other data which is categorised under sensitive personal data by Central Government in consultation with Data Protection Authority of India ("Authority") and sectoral regulator concerned
The Bill provides details about the Authority whose main function is protection of interests of individuals, prevention of misuse of personal data, ensuring compliance with provisions of this Bill and promotion of awareness about data protection. Anyone can appeal against the order of the Authority in the Appellate Tribunal within 30 days from the date of receipt of the order accompanied by a prescribed fee. The orders passed by Appellate Tribunal is executable as a decree of civil court. The orders (except interlocutory orders) passed by the Appellate Tribunal can be appealed against before the Supreme Court within 90 days from the date of receipt of the order on any substantial question of law. No civil court will have the jurisdiction of entertaining any suit or proceeding related to any matter in the Appellate Tribunal and no injunction will be granted by any court or other authority under this Bill. 
The offences under this Bill are of a penal nature. If a person re-identifies personal data which has been de-identified by a data fiduciary without the consent of data fiduciary then he/she will be imprisoned for 3 years or fined Rs. 2,00,000/- (Rupees Two Lakhs only) or both. The punishment will not be applicable in the following cases:
  1.  If the data fiduciary has given consent to re-identify such personal data.
  2. The personal data belongs to the person who has been charged for this offence.
In case of a company, every person who was in charge of conduct of affairs of the company when the offence was committed is liable to be punished accordingly. The punishment will not be applicable if it is proved that the offence was committed without the person's knowledge or if he had exercised due diligence to prevent the offence. 
If the offence has been committed by any department or authority or body then the head of the department will be punished accordingly. The Code of Criminal Procedure 1973 relating to public servants will be applicable.
Every offence under this Bill is cognizable and non-bailable. No court can take cognizance of the offence until an application is made by the Authority. 

CONCLUSION

To conclude, it remains to be seen as to how this Bill will protect data privacy of individuals so that there is no invasion of privacy.




Comments

Post a Comment

Popular posts from this blog

Legal Opinion v. Legal Advice- Key Differences between them

-
The terms legal opinion and legal advice are often used synonymously thus the terms are used confusedly. Even lawyers used these terms interchangeably but they have actually different meanings.  LEGAL OPINION Black's Law Dictionary defines legal opinion as a written document in which a lawyer provides his or her understanding and interpretation of the law as per the facts of the case. This definition states that lawyers often draft legal opinions on various facets of law when asked by the client. A legal opinion is effective when it is made on the letterhead of the company/law firm signed and stamped by the lawyer representing the company/law firm. A disclaimer is mentioned in the legal opinion which states that whatever is mentioned in it is not a legal advice nor is it protected by attorney client privilege. This disclaimer protects the lawyer and the company he is representing from a potential liability. A client goes to the lawyer and asks for solution to a legal problem, wheth...
Read more

Bharatiya Nagarik Suraksha Sanhita, 2023

-
INTRODUCTION The Bharatiya Nagarik Suraksha Sanhita, 2023 ("Bill") was introduced in Lok Sabha on August 11, 2023.   If enacted, this Bill will repeal the Code of Criminal Procedure, 1973.  The Code provides for the procedure for arrest, prosecution, and bail for offences under various Acts including the Indian Penal Code, 1860.  The Bill retains most of the provisions of the Code.   This Bill has introduced strict deadlines for processes of inquiry, investigation and trial, allowing police custody for more than 15 days, conducting trial if the accused has absconded, trial in electronic mode etc. The Bill wants to normalize electronic communication, electronic evidence and electronic forms in investigation, inquiry and trial. KEY CHANGES IN THE BILL The following are the key changes which are introduced in the Bill:- 1. Signatures and finger impression- The Code allows a Metropolitan/Judicial Magistrate to order any person to provide signatures or handwriti...
Read more

Decriminalizing Section 138 of Negotiable Instruments Act, 1881- Good or Bad?

-
Negotiable Instruments Act 1881 governs the different types of negotiable instruments such as Bills of Exchange, Promissory Notes and Cheques. Negotiable Instrument is defined as a Promissory Notes, Bill of Exchange or Cheque which is payable either to order or to bearer. Section 138 talks about punishment when a cheque is dishonoured due to insufficiency of funds or for any other reason. The defaulter can be imprisoned for two years and/or pay twice the amount in the cheque as fine. It is a non-cognizable offence. On June 8, 2020, the Ministry of Finance proposed that this section be decriminalized to reduce the burden of criminal liability on companies and unclogging court processes as there are lakhs of pending cheque dishonour cases. The main reason to increase banking operations efficiently and to ensure credibility of financial transactions through cheques because the Covid 19 pandemic has slowed down our economy.  Under the current law, the payee can file both a cri...
Read more