Overview of PDP Bill
The honorable Supreme Court of India has recognized privacy as a fundamental right protected by the Constitution of India. A committee was formed to review the PDP Bill 2019. After 2 years of constant research, the committee has issued their final report on the bill. There is a strong possibility that PDP Bill would be enacted as the Data Protection Act.
Personal Rights- The Proposed Bill gives individuals a specific right relating to their personal data like getting confirmation on if or not their personal data has been processed, seeking correction & erasure of their data, transferring of the data to other trustees, & disclosure of the personal data if it is no longer necessary or if consent is withdrawn.
Restrictions on Using Individual Data- The proposed bill contains certain rules for data handlers in the context of processing data. Such processing needs to be subject to certain limitations relating to their purpose, collection, and storage. All data fiduciaries will have to undertake certain measures relating to transparency and accountability, such as implementing security safeguards and instituting grievance redressal mechanisms to address complaints of individuals.
DPA- To ensure compliance with the provisions of the proposed has provided for further regulations with respect to the processing of data of individuals. The role of a DPA has been outlined in the legislation. The DPA will mostly have members with great expertise in the field of data protection and information technology. They would be responsible for enforcing the rule for both personal and non-personal data. The DPA members will be appointed by the Union Government.
Exemptions in Processing of Personal Data- Processing of Personal Data is exempt from the proposed bill in some cases. For example, the Central Government can exempt its agencies in the interest of the security of the state, public order, sovereignty and integrity of India, and friendly relations with foreign states. Also, the processing of personal data is also exempted for other purposes such as prevention, investigation, or prosecution of any offense, or research, and journalistic purposes. Individual's personal data are allowed to be processed without their consent in some cases such as, by the government to provide benefits to an individual, if you are required in legal proceedings & for a medical emergency.
Data Protection Law in Other Countries
The importance of privacy is increasing massively across the globe. More than 125 Countries have legislation in place relating to data privacy & data protection. In the USA, we are seeing several states develop their own legislation for Data Protection. The States which don’t have the legislation for Data Protection is already in the process of getting these sanctioned.
In the United Kingdom (UK) the Data Protection Act has already been Implemented from 1st January 2021. It is also known as UK GDPR. Other Countries with a strong Data Protection Regulation include Australia, Spain, Switzerland, Sweden, Singapore, Germany, France, Italy & Japan.
Data Privacy & Data Protection Laws make a significant impact on the working of Organisations be it Structurally or Procedurally. It has become necessary for Organisations to adapt to a wide range of Data Protection Regulations as they are aware now Data Breaches Come with their own adverse consequences.