Data Protection Bill Allows Law Enforcement To Use Personal Data Without Consent

The Personal Data Protection (PDP) Bill, which is likely to be tabled in Parliament this week, proposes allowing law enforcement agencies to process personal data of data principals (users) without consent for “reasonable purposes”.

The exemptions will apply in cases of prevention and detection of any unlawful activity, including fraud, as well as whistleblowing, mergers and acquisitions, network and information security, credit scoring, recovery of debt, processing of publicly available personal data and operation of search engines.

However, reiterating the importance of privacy, the draft, seen by Inc42, clearly states that except for any specific, clear and lawful purpose, no personal data shall be processed by any person.

Personal data can be processed without consent only after taking into consideration factors such as public interest. The draft says that personal data may be “processed” if this is necessary for the performance of “any function of the state authorized by the law” for any public service and for compliance with any order of a court or tribunal.

Among other changes, the proposed bill also gives users the right to delete any personal data posted in the public domain, similar to the Right To Be Forgotten ruling in Europe, and gives them the freedom to ask social media platforms such as Facebook and Twitter to delete any data they have published online.

The proposed bill will also require social media platforms to create a mechanism that will allow users to verify their accounts.

Data principals can also ask to restrict continued disclosure of data once the purpose for which it was collected has been served, or is no longer necessary. If a user withdraws consent, the data has to be removed. However, they will have to file an application with an adjudicating officer in case they wish to withdraw consent or want to limit the use of data, according to the draft.

The draft also says that every data fiduciary (i.e., the company or agency asking for the data) and the data processor processing the data shall implement necessary security safeguards, including the use of methods such as de-identification and encryption, steps necessary to protect the integrity of personal data, and steps necessary to prevent misuse, unauthorised access, modification, disclosure or destruction of personal data. It also says that every data fiduciary and data processor shall undertake a review of its security safeguards periodically.

The PDP Bill received the Union Cabinet’s approval last week and will be sent to a joint committee for further discussion after it is tabled.

