Skip links
Application for Kuniya IAS Scholarship Test
3rd October Scholarship Test Result
Registration opens for 7 days FREE Trial Classes on Indian Polity & Current Affairs from 12th October.

Click here: Registration open for free scholarship test

Click here: Registration open for free scholarship test

Click here: Registration open for free scholarship test

Register for 7days Free Trial Classes

Call Us

+91 8988672222

Email Us

info@kuniyaiasexamination.org

Facebook Instagram Youtube Linkedin-in
Whatsapp Now
Kuniya Institute of IAS Examination

Mains – 21st Nov 23

INDIA’S DATA PROTECTION LAW

Why in news?

Government has brought in new Data Protection Bill, which was recently passed in Rajya Sabha.

INDIA’S DATA PROTECTION LAW


Main Provisions of The Digital Personal Data Protection Bill, 2023

The Bill will apply to the processing of digital personal data within India where such data is collected online, or collected offline and is digitised.  It will also apply to such processing outside India if it is for offering goods or services in India.

Personal data may be processed only for a lawful purpose upon consent of an individual.  Consent may not be required for specified legitimate uses such as voluntary sharing of data by the individual or processing by the State for permits, licenses, benefits, and services.

Data fiduciaries will be obligated to maintain the accuracy of data, keep data secure, and delete data once its purpose has been met.

Data fiduciaries encompasses organizations collecting data for services, research, or marketing.

The bill also introduces the concept of ‘Significant Data Fiduciary’ (SDF), which carries additional obligations. SDFs are determined based on factors like data volume, sensitivity, processes, turnover, and technology use.

Privacy by design principles must be integrated into data processing systems, with measures like data minimization, pseudonymization, and encryption.

Data minimisation means collecting the minimum amount of personal data that is needed to deliver an individual element of a service.

‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information.

Data encryption is a way of translating data from plaintext (unencrypted) to ciphertext (encrypted).

The Bill grants certain rights to individuals including the right to obtain information, seek correction and erasure, and grievance redressal.

The central government may exempt government agencies from the application of provisions of the Bill in the interest of specified grounds such as security of the state, public order, and prevention of offences.

The central government will establish the Data Protection Board of India to adjudicate on non-compliance with the provisions of the Bill.

Decisions taken by the data protection board can be appealed before the Telecom Disputes Settlement and Appellate Tribunal (TDSAT), which is led by a judicial member.

The Bill also states that if an entity is penalised on more than two instances, the central government– after hearing the entity – can decide to block their platform in the country.

The Centre has proposed to significantly ease cross-border data flows to international jurisdictions – by moving away from a whitelisting approach to a blacklisting mechanism.

 

Key issues

Exemptions to data processing by the State on grounds such as national security may lead to data collection, processing, and retention beyond what is necessary.  This may violate the fundamental right to privacy.

The Bill does not regulate risks of harms arising from processing of personal data.

The Bill does not grant the right to data portability and the right to be forgotten to the data principal.

The Bill allows transfer of personal data outside India, except to countries notified by the central government.  This mechanism may not ensure adequate evaluation of data protection standards in the countries where transfer of personal data is allowed.

The members of the Data Protection Board of India will be appointed for two years and will be eligible for re-appointment.  The short term with scope for re-appointment may affect the independent functioning of the Board.

There is also concern that the law could dilute the Right to Information (RTI) Act, as personal data of government functionaries is likely to be protected under it, making it difficult to be shared with an RTI applicant.

 

What are the Global Regulations Regarding Data Governance?

Data Governance

· Data governance refers to the overall management and control of an organization’s data assets. It involves establishing policies, procedures, and frameworks to ensure that data is used, stored, and shared in a consistent, secure, and compliant manner throughout the organization.

· Data governance aims to ensure that data is accurate, reliable, accessible, and protected, and that it is used in accordance with legal, regulatory, and ethical requirements.

· It involves defining roles, responsibilities, and processes for managing data, as well as establishing standards for data quality, data integration, data security, and data privacy.

 

  • General Data Protection Regulations (GDPR) of European Union(EU):
    • The General Data Protection Regulation focuses on a comprehensive data protection law for processing of personal data.
    • In the EU, the right to privacy is enshrined as a fundamental right that seeks to protect an individual’s dignity and her right over the data she generates.
    • The fines imposed by the GDPR, have prompted organizations worldwide to prioritize compliance. Notable companies, including Google, WhatsApp, British Airways, and Marriott, have faced substantial fines.
    • Moreover, the GDPR’s strict norms regarding data transfers to third countries have had a profound influence on data protection frameworks beyond the EU.
  • Data Governance in US:
    • There is no comprehensive set of privacy rights or principles in the US that, like the EU’s GDPR, addresses the use, collection, and disclosure of data.
    • Instead, there is limited sector-specific regulation. The approach towards data protection is different for the public and private sectors.
      • The activities and powers of the government vis-a-vis personal information are well-defined and addressed by broad legislation such as the Privacy Act, the Electronic Communications Privacy Act, etc.
      • For the private sector, there are some sector-specific norms.
    • Data Governance in China:
      • New Chinese laws on data privacy and security issued over the past 2 years include the Personal Information Protection Law (PIPL), which came into effect in November 2021.
        • It gives Chinese data principals new rights as it seeks to prevent the misuse of personal data.
      • The Data Security Law (DSL), which came into force in September 2021, requires business data to be categorized by levels of importance, and puts new restrictions on cross-border transfers.

 

What are the Provisions Related to Data Governance in India?

  • IT amendment Act,2008:
    • Existing Privacy Provisions India has some privacy provisions in place under the IT (Amendment) Act, 2008.
    • However, these provisions are largely specific to certain situations, such as restrictions on publishing the names of juveniles and rape victims in the media.
  • Justice K. S. Puttaswamy (Retd) vs Union of India 2017:
    • In August 2017, a nine-judge bench of the Supreme Court in Justice K. S. Puttaswamy (Retd) Vs Union of India unanimously held that Indians have a constitutionally protected fundamental right to privacy that is an intrinsic part of life and liberty under Article 21.
  • N. Srikrishna Committee 2017:
    • Government appointed a committee of experts for Data protection under the chairmanship of Justice B N Srikrishna in August 2017, that submitted its report in July 2018 along with a draft Data Protection Bill.
    • The Report has a wide range of recommendations to strengthen privacy law in India including restrictions on processing and collection of data, Data Protection Authority, right to be forgotten, data localisation etc.
  • Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021:
    • IT Rules (2021) mandate social media platforms to exercise greater diligence with respect to the content on their platforms.
  • Proposal of ‘Digital India Act’,2023 to replace IT act,2000:
    •  IT Act was originally designed only to protect e-commerce transactions and define cybercrime offenses, it did not deal with the nuances of the current cybersecurity landscape adequately nor did it address data privacy rights.
    • The new Digital India Act envisages to act as catalysts for Indian economy by enabling more innovation, more startups, and at the same time protecting the citizens of India in terms of safety, trust, and accountability.

 

 

Panchayat Development Index

Why in News?

Recently, the Union Minister of State for Panchayati Raj released the Report on Panchayat Development Index (PDI) at the National Workshop on Panchayat Development Index in New Delhi.

 

About PDI

  • The Panchayat Development Index (PDI) is a multi-domain and multi-sectoral index that is intended to be used to assess the overall holistic development, performance & progress of panchayats.
  • Panchayat Development Index takes into account various socio-economic indicators and parameters:
    • Infrastructure: Availability of basic amenities like roads, electricity, water supply, sanitation facilities, etc.
    • Health and Education: Access to healthcare services, educational institutions, literacy rates, and enrolment in schools.
    • Economic Indicators: Income levels, employment opportunities, agricultural productivity, and economic activities.
    • Social Indicators: Poverty rates, gender equality, social inclusion, and overall quality of life.
    • Governance and Administration: Efficiency and transparency of local governance, delivery of public services and citizen participation.
    • Environmental Sustainability: Measures related to ecological balance, conservation, and sustainable practices.
  • Panchayats are categorized into four grades: D (scores under 40%), C (40-60%), B (60-75%), A (75-90%), and A+ (above 90%).
  • The PDI aims to promote the Localization of SDGs by creating awareness among panchayats and stakeholders about their importance.
  • It encourages panchayats to adopt best practices and innovations to improve their performance in achieving SDGs.

 

Highlights of the Report on the PDI

  • The pilot project was carried out in four districts of Maharashtra, namely Pune, Sangli, Satara, and Solapur.
  • The data collected from the pilot project was used to compile the report of the Panchayat Development Index Committee.
  • The pilot study showed that 70% of the panchayats in the four districts of Maharashtra fall in Category C, while 27% are in Category B.
  • The report highlights the need for evidence-based planning, resources must be deployed where required for overall development.