Scribd Logo
Upload

Welcome to Scribd!

  • Writing Sample - 1

    Uploaded by

    Aditya Bhardwaj
    10 views2 pages

    Original Title

    WRITING SAMPLE - 1 (1)

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    10 views2 pages

    Writing Sample - 1

    Uploaded by

    Aditya Bhardwaj

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    The Personal Data Protection Bill, 2019: An Analysis

    With digital technology impacting the lives of Indians, including transfer and exchange of data,
    the threat to breach of privacy and personal data rises without any coherent regulatory
    framework [1]. Personal Data Protection (PDP) Bill, in order to control, has been formulated
    as India’s first step to domestically legislate on data protection.

    The objective of the bill is to build a robust digital economy, protect personal data and govern
    individual’s data being processed by entities. The model of PDP Bill is based on the reports
    submitted by the nine bench committee headed by Justice B.N. Srikrishna to Ministry of
    Electronics and Information Technology (MeitY)[2], however, there have been some
    modifications and improvisations made in it. It adhered to the judgement in landmark case
    Justice K.S. Puttaswamy and Ors. Vs. Union of India (UOI) and Ors, wherein, it was ruled that
    right to privacy is an integral part under Article 21 of Constitution of India, 1950, and
    ‘informational privacy’ is the key element of right to privacy [3].

    The Bill incorporates ‘data’ by trifurcating it into personal data, sensitive personal data (SPD)
    and critical personal data. It omits Data Mirroring, the act of copying data from one location to
    a storage device in real time [4]. Consent of individual is required only when data is transferred
    abroad. The bill emphasises social media companies to create their own verification
    mechanism. For the purpose of independent regulation, the Bill establishes Data Protection
    Authority, which watches over assessments, audits and decision making. Moreover, the bill
    favours individual by granting them right to data portability and the ability to access one’s own
    data, along with right to be forgotten [5].

    The applicability of the PDP lies on the basis of identification rather than jurisdiction.
    Therefore, the processing of personal data of individuals located in India by entities located
    outside India for its business purposes would also come under the purview of the Bill [6].

    There are contentious provisions in the Bill which has propped up a plethora of problems after
    being made public. Firstly, it has given broad exemptions to Central Government and its
    agencies under Section 35 and Section 36(1), on grounds of ‘national security’ and ‘reasonable
    purpose’, to access the data of Indians which may lead to intrusion in the lives of private
    citizens [7]. Secondly, the composition of DPA seems to be under control of Government
    which rejects the notion of DPA being independent regulator. Thirdly, though the preamble of
    the bill aims to protect data, government using data for ‘business purpose’ and ‘governance
    interests’ are contradictory provisions in the bill [8].
    While PDP Bill has been sent to Joint Parliamentary Committee, ‘privacy of citizen’ should be
    the end goal of the data protection legislation. Utilisation of personal data as a tradable
    commodity should be avoided as it complicates drafting of legislation. Sensitization of public
    on data protection should be promoted- which isn’t the case in India. Finally, government has
    to take into consideration that implementation of data localisation comes with economic risks
    which can lead to trade wars.
    [1] McKinsey Global Institute (2019). Digital India: Technology to transform a connected
    nation, McKinsey.
    [2] MeitY (2018), “Draft Personal Data Protection Bill 2018,” [online] Ministry of Electronics
    and Information Technology, Government of India. Available at:
    https://meity.gov.in/writereaddata/files/Personal_Data_Protection_Bill,2018.pdf
    [3] Justice K.S. Puttaswamy and Ors. Vs. Respondent: Union of India (UOI) and Ors., (2019)
    1 SCC 1
    [4] EY (2018). Personal Data Protection Bill-2018: An initiative to enforce privacy principles
    in India, Ernst & Young.

    [5] PRS (2018), Draft Personal Data Protection Bill, [online] PRS Legislative Research.
    Available at: http://www.prsindia.org/billtrack/draft-personal-data-protection-bill-2018
    [6] Department of Industrial Policy and Promotion, Draft National E-Commerce Policy,
    February 23, 2019

    [7] “India: Comparing the Personal Data Protection Bill 2018 with the GDPR” dated
    December, 2018 Available at: https://platform.dataguidance.com/opinion/india-comparing-
    personal-data-protection-bill-2018-gdpr

    [8] Desai, R. (2019). India's Data Localization Remains A Key Challenge For Foreign
    Companies. [online] Forbes. Available at
    https://www.forbes.com/sites/ronakdesai/2019/04/30/indias-data-localization-remains-akey-
    challenge-for-foreign-companies/#5e44356ee0a3

    You might also like