The much-hyped ‘Personal Data Protection Bill’ is expected to be tabled in Parliament today on Wednesday. The bill seeks to allow processing of private data without prior approval of the data-owner in some reasonable case. For some reasonable purposes which include the national security and maintain of public order among others, the investigating agency can snoop on personal data without approval.
The Personal Data Protection Bill, 2019 classifies data into three broad categories of personal, sensitive personal and critical personal. With an aim to create the first comprehensive law to legally protect the digital information of the nation, the union government will have unrestricted access to the information of citizens under some situations.
The bill, in its broader sense, seeks to preserve the sanctity of individual consent and allows for several exemptions for prevention and detection of illegal activities which includes fraud, mergers and acquisitions, network and information security, credit scoring, recovery of debt and operation of search engines among others.
The provision of assessing personal data without getting consent in some defined situations, as deemed by the authorities, is the most controversial part and has been termed as ‘blanket surveillance’ by the experts of the industry. The analysts consider this provision as a departure from the draft bill prepared by the Justice BN Srikrishna committee which talked specifically about creating the personal data protection legislation.
The bill will empower the agency to process the personal data if considered necessary for the performance of “any function of the state authorized by the law” for any public service and for compliance with any order of a court or tribunal.
The bill also arms the users the “right to be forgotten”, allowing the users, under the “data principal” section of the proposed bill, to erase their personal data published online and allows to ask entities such as Facebook and Twitter to delete any data they do not want in the public domain.
The users will have the right to ask for preventing continued disclosure of data once the purpose for collecting the data has been served. Such data will also need to be withdrawn if the data principal has withdrawn consent for the purpose it was given for.
The bill also makes some responsible provisions on data principals. They need to file an application with an adjudicating officer in case wishing to withdraw consent or restricting the use of data.
The bill got cabinet nod last week and will be sent to a joint committee for further discussion after it is tabled in parliament today.