The Personal Data Protection Bill 2018 Does Everything But Protect Personal Data
Even as privacy debates intensify and data security concerns spiral the world over, the much-awaited (and much delayed) Justice BN Srikrishna Committee report on the draft Personal Data Protection Bill 2018 was finally submitted to the minister of law and justice, Ravi Shankar Prasad, on Friday, July 27.
Various cross-sections of the society have been waiting for, the report — which was a year in the making — with trepidation as the Bill will have far-reaching implications on data handling and processing practices employed by both Indian and foreign companies and government departments. The draft bill raked up controversies for its reported contents even before it was released.
Amid rising data theft, breaches, and leaks in India, the Supreme Court had directed the Indian government to formulate a Data Protection Bill to ensure and strengthen people’s rights over personal data and the right to privacy. Accordingly, the Justice Sri Bn Krishna Committee was formed in July 2017 to deliberate on a data protection framework for the country.
The European Union (EU) and the UK have already introduced one of the toughest data protection laws in the world, the General Data Protection Regulation (GDPR), which is applicable to companies across the world processing data belonging to EU residents. Indians, meanwhile, were looking forward to a similar, strict Data Protection Bill that would address the security flaws of the present Aadhaar and other systems and enable close monitoring of data usage and breaches by the Indian government, companies, and individuals, along with protection of personal data.
However, the Personal Data Protection Bill 2018 draft released in the public domain last week does everything but what it is meant to do — that is ‘protect’ the personal data of Indian citizens. From recommendations to make the Unique Identification Authority of India (UIDAI) the constitutional authority for the Aadhaar Act to defining a fiduciary relationship between the data ‘principal’ (the natural person whose data is being collected) and data fiduciary, a lot has to be examined in the draft.
The Bill has evoked mixed reactions, with most veering towards dissent, including from some expert committee members. Apart from fuelling a critical discourse on social media, the bill has received some support as well — from policymakers and industry representatives.
Source: INC42