Personal Data Protection Bill: Regulation rather than protection in the right context

A nation with a 1.34 billion population dwelling in a fast-paced digital economy, information on every individual’s personal data in a multi-dimensional matrices form is gigantic. Considering that right to privacy is a fundamental right redefining digital governance was expected since it is an essential facet of information privacy. While the Personal Data Protection Bill (PDPB) has been drafted on the lines of European General Data Protection Regulation (GDPR), it still needs close scrutiny considering the India’s digital economy.

While it has been termed as Personal Data Protection Bill (PDPB), I interpret it as a regulation rather than protection in the right context.

The following points are a summary from the understanding of the bill:

• Regulate storing and processing of personal data by entities without the explicit consent of an individual
• Regulate processing of personal and sensitive information of children while mandating the processing of 'critical' personal data only in India
• While critical personal data shall only be processed in India, it can be transferred outside India in case of health or emergency services "where such transfer is necessary for prompt action", and where the government has deemed such transfer to be permissible
• Sensitive personal data such as financial data, health data, gender orientation, biometric or genetic data, religious or political belief/affiliation can be transferred outside India with explicit consent but will continue to be stored in India
• Watchdog on data fiduciary which is defined as any person, including the State, a company, any juristic entity or any individual who alone or in conjunction with others determines the purpose and means of processing of personal data
• Setting up of an authority for protecting personal data and prescribing stiff penalties for violation of various provisions

Considering the above highlights, it can be interpreted as not a data protection law and rather a law regulating all kinds of data processing.

Digitally driven technology is continuously helping to improve our living conditions. By virtue of that data captured is been used by data driven sciences to improvise such living conditions. If we curtail the creation of such data that has the right objective it will hamper our digitally driven economy where the world is setting up data hubs due to talents available here in India. If that gets impacted it will impact employment generation. It has been estimated that Indian analytics, data science and big data industry is estimated to be $3 billion in revenues and growing at a healthy rate. It is a concern that we need to evaluate as long as PDP identifies and regulates harmful use of data it is fine.

Corporates have already started to be responsible by way of setting data compliance governance by way of privacy readiness assessment, defining sensitive data, or developing culture of privacy with awareness and training session. We need to be responsible and self-regulatory.

Disclaimer: The views expressed here are solely those of the authors and do not in any way represent the views of exchange4media.com