INTRODUCTION
As the country’s digital economy and cyber ecosystem multiply, it is critical to put in place a robust safeguarding framework that guarantees the responsibility of enterprises that manage personal data. Without such legislation, such organisations cannot be held liable in the case of a breach of information or comparable incident. As a consequence, there is a pressing requirement for agreement and a concerted effort to develop adequate data protection laws. The anticipated Indian bill, which is expected to be introduced in parliament soon, is geared towards safeguarding individuals’ privacy and guaranteeing their sensitive information is not misused. This blog discusses the history of the law, its ramifications, the outcome, and the current scenario for the Anticipation Indian Bill.
HISTORY OF INDIAN PRIVACY BILL
As a result of the increasing number of people using the internet and the broad use of technology, an immense amount of sensitive information has been generated. This data has been gathered without the consent or accountability of individuals, raising worries regarding privacy violations.
In response to increasing concerns about data privacy, a group of experts was formed in 2012 to outline core areas of data privacy protection, such as transparency, collection and purpose constraints, security, confidentiality, consent gathering, availability of data, and correction, and observe them by investigating authorities. Several individuals were concerned about the growing popularity of Aadhar. Several petitions have been brought to the Supreme Court, alleging threats to privacy as a result of data breaches, etc.
The Supreme Court established a nine-judge committee to consider whether the right to confidentiality is a basic right. The Supreme Court replied enthusiastically, ruling in K.S. Puttaswamy v. Union of India that the right to solitude is a fundamental right.
Following the Puttaswamy choices, a committee was established in August 2017 under the leadership of Minister of Justice (Retd.) B.N. Srikrishna to examine data protection issues, recommend solutions, and draft a data protection bill. The committee handed its findings and a drafted data privacy bill before the Department of the Ministry of Information Technology and Electronics on July 27, 2018.
Subsequently, in December 2019, the Rajya Sabha enacted the Personal Data Protection Bill 2019, which established compliance standards for personal data, expanded individuals’ rights, established a central data protection regulator, commanded data localization, and implemented monetary penalties for noncompliance. In 2019, the Indian privacy bill was forwarded to the Joint Parliamentary Committee of Parliament (JPC) for investigation, which suggested 81 revisions and 12 suggestions that altered the legislation’s mandate.
However, the administration withdrew the unsuccessful personal data protection bill from parliament, leaving the DPB’s fate in question. According to the Ministry of Information Technology and Electronics, the IT Act could be amended to take into account the country’s developing technological landscape.
DIFFICULTIES IN THE OLD PRIVACY BILL –
The Indian government’s proposed Indian privacy law generated concerns for a variety of reasons, including challenges relating to
Data Localization: The need for private information to be maintained on computers or data centres situated within Indian territory is referred to as data localization. The measure authorised the government to exclude some kinds of personally identifiable information from this obligation, as well as designate certain data types as “critical” and have them stored solely in India. This rule was criticised by technology businesses since it required them to build a new infrastructure for data storage in India even if they hadn’t established an actual presence there. Furthermore, there was not a specific definition of “critical and sensitive data” in the bill.
Governmental Access: The governmental access to data paragraph permitted the government access to all personally identifiable information for the purposes of ensuring national security and preventing, detecting, investigating, and prosecuting crimes or other legal violations. However, in India, lax security measures against state surveillance posed an important risk to privacy. The legislative framework for government monitoring lacked judicial warrants, third-party oversight, or any duty to inform the target of surveillance, putting it in violation of globally recognised human rights norms.
Inadequate Measures: The drafted bill additionally contained inadequate oversight measures. The central government exercised significant influence over the regulatory framework, including the capacity to designate the members of the information protection authority based on the recommendations of an independent panel. Commissioners of the authority must ha