Back in 2018, a panel headed by former Supreme Court judge BN Shrikrishna was created to formulate a data protection bill for Indian citizens. The decision to create such a panel came in the wake of growing data breaches by big tech, most notably, Facebook’s Cambridge Analytica Scandal.
This bill, which has been coined the Data Protection Bill was approved by the Union Cabinet headed by PM Narendra Modi this Wednesday.
Data storage and monopolization by big tech has been a burning issue in recent times, as governments and citizens alike are becoming more aware of the implications of personal data being stored in databases of international giants like Facebook, Google, Apple, etc. Thus, legal regulations in favor of citizen data protection have become the need of the hour.
Data Protection Bill: Key Provisions
The bill will be proposed for final approval in the Parliament’s winter session. Some major provisions under the bill have to deal with how tech giants handle Indian users’ personal data, the exercise of consent by consumers, and penalties for breaking the laws.
First and foremost, the bill defines personal data as any credentials that can be used to specify an individual’s identity such as their religious background, ethnicity, biometrics, sexual orientation, etc.
The bill will make it mandatory for all tech firms with an Indian consumer base to store sensitive personal data about Indian consumers in servers based in India, instead of overseas ones. However, it allows for the processing of data overseas, granted that the data owner consents to it. Non-consensual data processing is only permitted in cases of national interest and security or court order, and other urgent instances.
If a company fails to adhere to these laws, they’ll be liable to a penalty of 15 crore or 4% of the company’s global annual revenue, depending on which amount is greater. Additionally, the bill proposes a jail term of up to three years for the executive in-charge of conduct of an offending company, according to sources.
The bill also states that minor offenses can be penalized with a fine of 5 crore or 2% of the company’s global revenue.
Pros And Cons Of The Bill
The Data Protection Bill would limit the ability of international tech giants to exploit user data, and could possibly secure Indian users from data breaches. It would also create greater local activity by tech companies, and, thus, generate jobs for Indians.
However, the bill lacks provisions that empower citizens at an individual level. It fails to address or grant individual rights and agency to data owners.
Read More. https://dazeinfo.com/2019/12/05/data-sovereignty-in-india-personal-data-protection-bill-is-here/