Making personal data fit the bill
Cabinet has approved a version of the personal data Bill that, reportedly, tries to rectify some of the infirmities of previous iterations. GoI has, after elaborate consultation, decriminalised data breaches, but retained deterrent financial penalties graded to the potential damage with escalation for repeat occurrence. Consent is likely to be better informed with the requirement for information about what and why data is being collected from individuals.
Allowing data to be stored outside the country, except in countries banned by the government, would be an improvement over the previous whitelist approach. Standards for collection, accuracy, storage and deletion of personal data should make data fiduciaries more accountable. In these, the proposed law tries to drive a balance between consumer and business interests.
News reports suggest some concerns around privacy persist in the new draft. Principally, this pertains to the immunity the government and some of its agencies are seeking from a law being framed to protect a fundamental right of citizens. There is also scepticism over independence of a data protection board.
The provision of deemed consent for official purposes dilutes the protection needed for personal data, though officials assure that it will only be used in emergency situations. These are legacy concerns that have defied resolution even after a previous avatar of the Bill was junked following parliamentary scrutiny and GoI promising a rethink on the item of legislation. One of the industry's biggest ask, to reduce the age of children from 18 and below — to meet global standards — also remains unmet.
Read more on economictimes.indiatimes.com
