Rapid digitalization has made data privacy an essential goal. This can be made possible by establishing a stronger privacy regime through the forthcoming PDPB.
The pace of digitization, fueled by demand for digital transformation in the corporate ecosystem as well as in Government services, is exponentially increasing creation and collection of personal data. The usage of elements like big data, analytics, etc. gives an insight into an individual’s preferences and online behavioral patterns. As a result, this data can, then, be harnessed for targeted commercial campaigns. In India, in the absence of structured data privacy laws, the protection of personal data is more voluntary than mandatory. For a country which is among the top three in terms of number of internet users, the need for an appropriate privacy legal framework becomes critical.
With the amount of personal data being shared by citizens directly or indirectly with various entities, it has become extremely crucial to ensure that individual users have autonomy and control over their personal data in the digital economy. Our Indian Government has also understood the need for strong and structured privacy regime to govern the processing of personal data. It introduced the Draft Personal Data Protection Bill (PDPB), which is under consideration and review by a Joint Parliamentary Committee (JPC).
The Personal Data Protection Bill 2019was introduced in the Indian Parliament in December 2019 and is currently undergoing analysis by JPC. JPC has recommended that ambit of the Data protection bill in India needs to expand to focus more on the digitization and localization of data. JPC also wants that the final Data protection bill to include nonpersonal data (not merely securing personal data), which comprises of sensitive and critical data.
The draft PDPB covers the data privacy of personal data of individuals across the data life cycle that includes collection, transfer, process, disclosure and disposal. Draft PDPB has few elements which are similar to other leading global data protection regulations like EU’s General Data Protection Regulation (GDPR). Draft PDPB also covers the obligations of the data fiduciary, such as lawfulness in processing the personal data, purpose limitation, collection limitation, storage limitation, quality of personal data, etc.
The draft PDPB in the present state also outlines provisions of tough penalties in response to data security breaches. The draft data privacy law calls for data fiduciaries to proactively develop privacy strategies to address privacy obligations and shift the way they approach data privacy. The data fiduciaries will have to establish organization-wide privacy responsibility and accountability for data privacy and might even warrant revamp of a few business processes to streamline data visibility.
The draft PDPB has the following key areas that have been covered as part of the framework which should support India with robust data privacy structure.