The draft Personal Data Protection Bill 2019, which was introduced in the Lok Sabha on Dec 4, 2019, seeks to lay out a framework for the handling of private data. The proposed bill bars technology companies from storing and processing personal data without receiving explicit consent from an individual.
At the same time, the new rules empower New Delhi to “exempt any agency of government from the application of Act in the interest of sovereignty and integrity of India, the security of the state, friendly relations with foreign states, public order.”
Likewise, the proposed bill allows the processing of personal data for the prevention and detection of any unlawful activity, such as fraud, whistleblowing, mergers and acquisitions, network and information security, credit scoring, recovery of debt, processing of publicly available personal data, and the operation of search engines.
The draft Personal Data Protection Bill 2019 is in line with the government’s efforts to bring more “accountability and transparency” to manage the vast amount of data Indians are generating every day. Some of the provisions in the bill have sparked controversies, with large tech giants raising their concerns. However, the much-awaited personal data protection legislation is a step in the right direction. Let us see why.
Data Breaches Are On The Rise
India has undergone and is still undergoing a large-scale digital revolution. Enterprises across all industries and sectors are taking the digital route, moving beyond traditional business practices. Needless to say, this entire transformation is primarily driven by data. Increased smartphone usage in the country has fueled a massive uptick in internet traffic.
This, in turn, has led to a never-ending inflow of user data as well as a rising number of personal data breach incidents. India experienced the second-highest number of cyber attacks in the world during 2016-2018, reveals a recent report from the Data Security Council of India (DSCI). At such a critical time, the government’s decision to protect the privacy of citizens comes as a huge relief.
One of the major parts of the draft Personal Data Protection Bill 2019 is the “Right to erasure”, which allows users to ask organizations to erase their private data. This ensures users can have complete control over their personal data and can dictate how and when it can be shared or used. Hence, the bill addresses data privacy issues head-on by giving users more power.
Addressing The Dilemma With Digital Identity Verification Platforms
The draft Personal Data Protection Bill 2019, however, fails to address some major areas of concern. To begin with, it provides miscreants with the scope to erase their identifying data from online platforms. This might lead to a collision with the Right to Information (RTI) Act. Removal of such data could also prevent authorities from accessing the tracking information they might require to keep tabs on those malefactors.
This leaves a chasm that must be bridged through a consent-based identity data sharing mechanism. Such mechanisms enable users to share their data with third-party organizations in a secure manner, and to remove authorization to access it as and when required, while being compliant with RBI guidelines.
Second, sections 26 and 28 of the bill talk about social media platforms and mandate voluntary identification of users, perhaps in an attempt to curb the spread of false news. The new rules require social media intermediaries to come up with a mechanism that will allow users to verify their identity. The verified accounts will then have an authentication mark, not unlike the blue tick Facebook, Instagram and Twitter have for celebrities or public figures. Identity verification platforms that let users digitally share the essential information required for validation would be a good addition to the onboarding process.
The draft Personal Data Protection Bill 2019 aims to propel India’s journey towards a trillion-dollar digital economy without compromising the privacy of user data. The bill, if implemented carefully, would not only help citizens to have autonomy over their sensitive personal data but would also allow India to mitigate the cybersecurity threats and data breaches the country faces in the wake of digitization.