As a result of Internet technology, transaction processing has undergone remarkable changes. On the positive side, e-commerce, m-commerce, and l-commerce have become a reality in the electronic marketplace. However, one of the undesirable outcomes of the Internet is its use for criminal acts. Against this backdrop, the Government of India introduced the Personal Data Protection Bill, 2019 in Lok Sabha through the Minister of Electronics and Information Technology, Mr Ravi Shankar Prasad, on December 11, 2019.
What exactly is the Personal Data Protection Bill, 2019?
Personal data breaches have emerged as one of the most prevalent categories of security incidents across the globe. The Bill seeks to protect the personal data of individuals and establishes a Data Protection Authority for that purpose.
Applicability of the Bill:
The Bill governs the processing of personal data by:
- Government
- Companies incorporated in India, and
- Foreign companies that are dealing with the personal data of individuals residing in India.
Obligations of data fiduciary:
A data fiduciary is an entity or individual who decides the methods and purpose of personal data processing. Such processing is subject to specific purpose, collection and storage limitations. For example, data can be processed only for a specific, explicit and lawful purpose. Furthermore, all data fiduciaries must undertake transparency and accountability measures such as the following:
- Implementing security safeguards (such as data encryption and preventing misuse of data)
- Instituting grievance redressal mechanisms to address the grievances of individuals.
Rights of the individual:
The Bill specifies certain rights of the individual (or data principal). These include the right to:
- Obtain confirmation from the fiduciary on whether their data has been processed.
- Seek rectification of inaccurate, incomplete, or outdated data.
- Transfer personal data to any other data fiduciary under certain circumstances.
- Restrict continuing disclosure of their personal data by a fiduciary, if it is no longer required or consent is withdrawn.
Grounds for processing personal data:
The Bill allows the processing of data by fiduciaries only if the individual provides consent. However, in certain circumstances, such data can be processed without consent. These situations include:
- If required by the State for granting benefits to the individual
- Legal proceedings
- Responding to a medical emergency.
Offences:
- Processing or transferring personal data in violation of the Bill is punishable with a fine of Rs 15 crore or 4% of the annual turnover of the fiduciary, whichever is higher.
- Failure to conduct a data audit is punishable with a fine of rupees five crore or 2% of the annual turnover of the fiduciary, whichever is higher.