ForumIAS announcing GS Foundation Program for UPSC CSE 2025-26 from 10th August. Click Here for more information.
Source– The post is based on the article “India’s data protection law needs refinement” published in “The Hindu” on 21st July 2023.
Syllabus: GS2- e-governance
Relevance: Issue related to data protection
News- The government will table the Draft Data Protection Bill in the current session of the Parliament.
What are issues related to the Draft Data Protection Bill?
Scope and definition– the Bill’s scope and effectiveness in protecting the privacy of Indian citizens remain limited. The DPDP Bill solely focuses on safeguarding personal data, which is data that can directly or indirectly identify an individual.
However, in the contemporary data economy, entities utilise various types of data, including both personal and non-personal data, to target, profile, predict, and monitor users.
Non-personal data typically refers to anonymous data that does not pertain to any specific individual. Example is aggregated data on products viewed by numerous users on Amazon between 9 p.m. and 11 p.m.
When combined with other datasets, this non-personal data can potentially identify individuals.
The re-identification of non-personal data poses significant privacy risks that are not addressed in the latest draft of the DPDP Bill.
The Bill could include a penal provision that imposes financial penalties on data-processing entities for re-identifying non-personal data as personal data.
Data protection board– The Proposed data protection board cannot initiate a proceeding of its own accord.
According to the Bill, the board is the designated authority responsible for enforcing the law. It can initiate a proceeding for adjudication only if a complaint is filed by an affected party or if directed to do so by the government or a court.
In the data economy, users have limited control and knowledge about data transfers and exchanges. The constantly evolving and complex nature of data processing puts users at a disadvantage compared to the entities utilizing their data.
For instance, a food delivery app could violate sell data to data brokers, and as an individual, user might lack the resources or motivation to approach the data protection board.
However, the board could be better positioned to take action against the food delivery app on behalf of all affected users. The DPDP Bill could have provisions allowing the data protection board to initiate complaints on its own.
