For those of you who didn’t know, over the last 24 months alone, the amount of data we have generated is close to 90% of the overall data generated. With tons of different gadgets and devices around us – from smartwatches and smartphones to smart refrigerators and fitbits – we generate data of around 2.5 quintillion bytes every single day.
Though on one side this is the best time to be alive, this also the time our identities are at stake. While we are not going to that aspect, we want to shed light on one of the most revolutionary steps taken in terms of data protection. Recently in India, a data draft protection bill was passed by the special Committee of Experts on Data Protection Framework for India. Justice B.N. Srikrishna – on the chair – presented the report and bill to the Ministry of Electronics and Information Technology on the 27th of July 2018 and here’s everything you should know about the Bill.
Individual Rights with respect to data
The bill gives an individual with three distinct rights on data. These include the right to
Fiduciary refers to the relationship between the individual and a service provider, where there is a dependency on the submission of data to obtain specific services from the provider.
Duties of the Fiduciary
The service provider, on the other hand, is obligated with several responsibilities such as the following:
An Authority for Data Protection
The bill also emphasizes the set up of a standalone authority to protect data. The powers vested with the authority are:
Personal Data Processing
The Bill points out the requirement of consent for processing of personal data. In certain situations however, the Bill identifies consent may not be fetched for processing. In such cases, the ground rules for data processing would be the following:
Sensitive Personal Data
The Bill identifies that any sensitive personal data such as biometrics, passwords, genetic data, caste, orientation, religious/political beliefs and more would be processed only with explicit consent from the individual. Besides, the processing of sensitive personal data can also be carried out if it’s required by law, court judgement or during times of emergencies and threat to public order or health.
More importantly, the fiduciary is also required to bring in ideal mechanisms or strategies to verify age of users and work on parental consent when collecting details of children.
Personal Data Transfer to Other Countries
The transfer of personal data (and not sensitive data) to foreign countries is allowed only under the permissible orders of the central government or when the Authority approves of such transfers.
Exemptions
The Bill also points out exemptions from policy and rules compliance for reasons that include
Penalties
If the fiduciary is found to fail in performing its duties, adhering to the compliances or violate data processing ground rules, the Authority has the right to penalize from over Rs. 5 crore to even 2% of the global turnover of the fiduciary.
Law Amendments
The Bill makes consequential amendments to the IT Act of 2000, the Right to Information Act of 2005 and to the non-disclosure of personal data where any harm to individual outweighs public welfare or good.
The pointers mentioned are brought to you by PRS Legislative Research. If you intend to know more about the Bill and have a better understanding of its consequences, your role and that of a fiduciary, click here.
Fill in the details to know more
What Is Hyperledger Fabric? Components, Workflow, Features, and Pros
August 26, 2022
Project Ideas For Engineering Students
August 25, 2022
Custom Directive In Angular
August 24, 2022
Command line arguments in C
How Does Blockchain Work?
All About MBA and MBA Salary in India
August 23, 2022
Add your details:
By proceeding, you agree to our privacy policy and also agree to receive information from UNext through WhatsApp & other means of communication.
Upgrade your inbox with our curated newletters once every month. We appreciate your support and will make sure to keep your subscription worthwhile