The 10 member data protection committee, headed by former supreme court judge, B.N. Srikrishna, submitted its Personal Data Protection Bill, 2018 to law and IT minister Ravi Shankar Prasad, on 27 July 2018, in what could be best known as a monumental step in ensuring the privacy and protection of Data in the country.
It all began with the Supreme Court declaring the Right to Privacy as a fundamental right in the constitution and directing the government to form a committee to take measures and ensure the protection of the data of citizens in 2017.
The report seeks to protect the Data of the citizens of the country by providing them with full control over who can use their data, why is it needed and how will it be processed.
Why do we need to worry about our data?
In this era of Machine Learning and Big Data Analysis, Data is like gold these days and it can be misused to a large extent, for illegal activities, influencing the minds of the people through targeted advertising according to the “profiles” made of every citizen by the advertising agencies and can also be misused to rig elections, such as what happened in the case of the Facebook-Cambridge Analytica scandal, where data of 87 Million Users throughout the World was leaked and used to influence the 2016 US Elections.
We may not realize it, but every minute we spend on the internet accepting to terms and conditions to use the so-called “free services”, we are exposing ourselves and falling deeper into the labyrinth.
This had prompted the European Union’s recently implemented Global Data Protection Regime (GDPR), to streamline the way in which the user’s data can be used and on similar grounds, the BN Srikrishna committee had presented its report.
What Does the Committee Propose?
- Creation of a Data Protection Authority(DPA), which would act as the regulatory body for data in the country, similar to the role played by RBI and SEBI in their respective domains.
- Any company incorporated under the Indian Company Law would be bound by the terms and conditions of this proposed Bill, irrespective of the data being collected or processed outside India.
- Those companies operating in India, which process the data of only foreign nationals may be exempted by the Central Government.
- The State can process the personal data of citizens on the grounds of Public Welfare, Law and Order or under Emergency.
- Those violating the clauses would be fined at a minimum of 2% of the annual worldwide turnover or Rs.5 Crores (Whichever is higher) or a maximum of 4% of the annual worldwide turnover of Rs.15 Crores, (whichever is higher). They may also be subject to 3-5 Years in jail.
As stated by BN Srikrishna in an interview, the proposed law would require many laws to be amended, especially the Adhaar Act, RTI Act, IT Act, among the notable ones. Under any confusion or dispute, the Data Protection Law would prevail/given preference over any other law.
How does this affect Businesses?
- The emerging businesses/startups would be highly affected as they would now need to store the data, in India involving a huge amount of money.
- Foreign Companies, seeking to invest in India or already invested storing data outside India would also face issues.
- But, this would create a business opportunity for data storage companies and organizations with huge server capacities such as Facebook, Google can now earn additional income.
- Indian Digital Wallet companies remain unaffected, in fact, they supported these measures.
How Long Would It Take?
After being introduced in the Parliament with possible amendments, and after being passed in both the houses, it would take at least 12-18 months for it to be implemented post it becoming law.
The Bottom Line
This is a monumental step undertaken by the Government Of India and is highly appreciated, as Data Protection and Privacy is the need of the hour. We, the proud citizens of the Republic Of India must become aware of our rights regarding our data and this draft has been proposed keeping in mind the interests of the citizens at the highest pedestal.
In fact, this can be considered as a watershed moment in the Indian economy after Demonetisation and GST.
Now, the easy work has been done and there are unforeseeable challenges lurking deep into these unchartered waters and this bill could be subject to further criticisms in the Parliament. But, the onus now lies upon the Government of India to pass this bill, at the earliest and make the Data Protection Law a reality.