The draft Personal Data Collection Bill 2018 which emphasis the “need for consent” to collect sensitive personal data such as biometrics, sexual orientation, religious & political beliefs et al was submitted to the government for consideration by the Justice BN Srikrishna Committee on 27th July 2018.
This document’s potential impact would be wide-spanning: ranging from the realms of social media usage to the mechanisms driving transfer of government benefits to the poorest of the poor through Aadhaar.
10 Key Takeaways:
1. New Regulator: Setup a Data Protection Authority (i.e. a stand-alone regulator) to enforce and implement the provisions of the law, including legal & policy affairs, monitoring, research & awareness, and grievance redressal
2. Sensitive personal data is different: Sensitive personal data collection and processing will be treated separately. These include passwords, financial data, health data, official identifier, sex life, sexual orientation, biometric and genetic data, and data that reveals transgender status, intersex status, caste, tribe, religious or political beliefs or affiliations of an individual
3. Consent is key: Consent will be a lawful basis for processing any sensitive personal data. For consent to be valid it should be free, informed, specific, clear and capable of being withdrawn
4. Introducing Fiduciary responsibility: Data controllers have a “fiduciary” responsibility to users
5. User rights: Users have the right to be forgotten, right to confirmation, access and correction, right to data portability, all subject to conditions
6. Restrictions on Cross-border transfer: Personal data determined to be critical will be processed only in India. There will be a prohibition against cross border transfer for such data. The Central Government should determine categories of sensitive personal data which are critical to the nation having regard to strategic interests and enforcement requirements. Data relating to health will however be permitted to be transferred for reasons of prompt action or emergency
7. Aadhaar: The Aadhaar Act needs to be amended to bolster data protection
8. Welfare exemption: Welfare functions of the state will be recognised as a separate ground for processing.
9. Security exemption: The data protection law will enable an exemption to the processing of personal or sensitive personal data if it is necessary in the interest of the security of the state
10. Journalistic exemption: To strike a balance between freedom of expression and right to informational privacy, the data protection law would need to signal what the term ‘journalistic purpose’ signifies
What it Means for You?
The Bill wants to give consumers more control of his/her data and in turn giving consumers greater control on privacy. The recommendations (if adopted) will make cross-border data transfers more rigid, which as per tech industry experts may act as a trade barrier.
However, as we’ve earlier cited, for a country where the right to privacy is subject to constitutional confusion, it is a welcome sight to see associated legislative reforms being pushed through. As usual, timely / efficient execution and enforcement is key.
To read the Full text of the draft Bill click here.
To read the full text of the Justice BN Srikrishna Committee report and its recommendations, click here.
(We are now on your favourite messaging app – WhatsApp. We highly recommend you SUBSCRIBE to start receiving your Fresh, Homegrown and Handpicked News Feed.)