D Ministry: 

Electronics and Information Technology

raft Data Protection Bill 2018

‘Database, accessibility and usage’ - Three cornerstone which strengthens the draft of the Data
Protection Bill 2018.Before demarcating the data type and analyzing the bill, a quick reality
check on the brevity of data breaches and cyber crimes of 2017-18 in India and worldwide; As
per The Hindu (dated 4th April,2018) -In 2017, 5.09% of global threats detected were in India,
slightly less than 5.11% in 2016. The U.S. (26.61%) was most vulnerable to such attacks,
followed by China (10.95%), according to ‘Internet Security Threat Report’; Re-Hashed: 2018
Cybercrime Statistics: A closer look at the “Web of Profit” reported that Cybercrime will
generate at least $1.5 trillion this year.

With the increase in ease for private entities (data fiduciaries) to extract and process personal
data of individuals (data principals) this bill would be a welcome step. The governments across
the world are well aware of the situation that their database is not the only source of information
available today. The sources of cyber attacks such as social networking sites, mobile application
vendors, content aggregators, credit and insurance service providers, database with educational
institutions have become commonplace .The data generated through biometrics and security
checks by government, banks, public sector units and private entities contain personal (which
helps in identification of an individual) and sensitive data(passwords, biometrics, pin, OTP’S)
which can be a potential threat in case of a data leak . The volume of information generated on
day to day basis is on a large scale. The bill empowers the individuals to know why, where,
when and how the information provided by them is channelized. To counter loopholes in the
system, the government plans to set up a national-level Data Protection Authority (DPA) which
will serve as an apex body of supervision. But it doesn’t spell out clear cut guidelines in terms of
compliance, which acts as a double edged sword for fiduciaries. Several factors could lead to this
ambiguity in near future, for example; nature of business and their requirements, technological
progress, digitalization of information etc. Some exceptions for processing data without consent
under the draft bill are warranted for distribution of government services and benefits (example;
subsidized LPG), for issuance of license, permit and certificates (example; passport, AADHAR).

However this is the first step towards data regulation and protection, there are lot of grey areas
which have to be catered to, especially regarding the confidential data already available with the
fiduciaries.

Key references:-

www.prsindia.org

www.thesslstore.com

www.trendmicro.com
www.thehindu.com

www.digit.in