Tech
»
4-min read

The Draft Data Protection Bill 2018: You do Not Own The Data That You Have Shared

The Justice Srikrishna committee has given its recommendations to the government, but doesn’t give users the ownership of the data they share.

Vishal Mathur | News18.com

Updated:July 27, 2018, 11:58 PM IST
facebookTwittergoogleskypewhatsapp
The Draft Data Protection Bill 2018: You do Not Own The Data That You Have Shared
The Justice Srikrishna committee has given its recommendations to the government, but doesn’t give users the ownership of the data they share.
Loading...
The Justice BN Srikrishna-led committee, formed with the idea to create a powerful data protection law in India, has submitted its draft bill to the Ministry of Electronics and Information Technology (MEITY). This submission comes after a year of consultations with various stakeholders. There is great expectations from the recommendations of this committee, particularly after the European Union General Data Protection Regulation (GDPR) came into force in May this year. The draft bill, titled Personal Data Protection Bill, 2018 is important because of the increasing ambiguity over how a user’s data is protected, at a time when there is a greater push towards online services including by the government, more reliance on smartphone apps as well as web services.

The bill, states that “Any person processing personal data owes a duty to the data principal to process such personal data in a fair and reasonable manner that respects the privacy of the data principal.” Any and all personal data that is collected must be processed only for purposes that are clear, specific and lawful. The Data Protection Bill, 2018 also clarifies after any personal data is collected, it must be processed only for the purpose it was collected for in the first place.

For the data collection to be valid and legal, the Data Protection Bill, 2018 states that it is “free, having regard to whether it meets the standard under section 14 of the Indian Contract Act, 1872 (9 of 1872); informed, having regard to whether the data principal has been provided with the information required under section 8; specific, having regard to whether the data principal can determine the scope of consent in respect of the purposes of processing; clear, having regard to whether it is indicated through an affirmative action that is meaningful in a given context; and capable of being withdrawn, having regard to whether the ease of such withdrawal is comparable to the ease with which consent may be given” The most important aspect of this clause perhaps is the last part, which talks about making it easy for the original owner of the data, that is you and I, to be able to withdraw the data that we may have shared in the first place, for whatever reason we may want to.

“The data fiduciary shall not make the provision of any goods or services or the quality thereof, the performance of any contract, or the enjoyment of any legal right or claim, conditional on consent to processing of any personal data not necessary for that purpose,” clarifies the Data Protection Bill, 2018. This means that a service provider (specified here as data fiduciary) cannot ask for any other data apart from what is strictly necessary to provide a service in return.

The draft Data Protection Bill, 2018 recommends that a data fiduciary, any State, a company, any juristic entity or any individual who alone or in conjunction with others determines the purpose and means of processing of personal data, if found to be violating the safeguards for sensitive personal data, will be liable for a penalty of up to Rs 15crore or 4 percent of the total worldwide turnover, whichever is more. If non-sensitive personal data safeguard terms are violated, then the penalty will be up to Rs 5crore or 2 percent of the annual turnover, whichever is more.

Incidentally, the Data Protection Bill, 2018 draft recommendation doesn’t seem to give the users any ownership of the data they share with companies or other individuals for a service or the right to erasure of data that was previously shared, for instance. This is in stark contrast to the Telecom Regulatory Authority of India (TRAI) recommendations on data sharing with any entity in the telecom sector. The TRAI recommendations clearly state “In respect of the ownership of personal data, the Authority is of the view that the individual must be the primary right holder qua his/ her data. While the right to privacy should not be treated solely as a property right, it must be recognized that controllers of personal data are mere custodians without any primary rights over the same.” This simply means that any data that you share with any company still belongs to you, and the companies don’t have any ownership or the right to use that without your permission.

Also read: Understanding What The TRAI Recommendations on Data Mean For us

The draft recommendations in the Data Protection Bill 2018 also include the ‘Right to be Forgotten’. The draft bill says, “The data principal shall have the right to restrict or prevent continuing disclosure of personal data by a data fiduciary related to the data principal where such disclosure— (a) has served the purpose for which it was made or is no longer necessary; (b) was made on the basis of consent under section 12 and such consent has since been withdrawn; or (c) was made contrary to the provisions of this Act or any other law made by Parliament or any State Legislature.”

Where the data is stored is also touched upon. The recommendations suggest that data localization for personal data is mandatory, and every data fiduciary shall have to keep a copy of the data they collect on a server or data center located in India. This is applicable even if the data fiduciary is keeping another copy of the data set on a server located outside India.

It is important to note that this draft bill has been submitted to MEITY, and still has to stand the test on the floor of the Parliament.
(Get detailed and live results of each and every seat of the state Assemblies in Madhya Pradesh, Rajasthan, Telangana, Chhattisgarh and Mizoram to know which candidate/party is leading or trailing and to know who has won and who has lost and by what margin. Our one-of-its-kind Election Analytics Centre lets you put on the psephologist's hat. Know interesting facts and trivia about the elections. Elections = News18)
Read full article
Loading...
Next Story
Next Story

Also Watch

facebookTwittergoogleskypewhatsapp

Live TV

Loading...
Countdown To Elections Results
  • 01 d
  • 12 h
  • 38 m
  • 09 s
To Assembly Elections 2018 Results