Have you ever filed taxes or made a phone call? Do you own a smartphone? Have you ever used the internet? Do you have a social media account or wear a fitness tracker? If you answered yes to any of these questions, you have been sharing your personal information, either online or off, with private or public entities including some that you may never have heard of. Sharing data may bring benefits, and it has often also become necessary for us to do everyday tasks and engage with other people in today’s society. But it is not without risks. Your personal data reveals a lot about you, your thoughts, and your life. These data can easily be exploited to harm you, and that’s especially dangerous for vulnerable individuals and communities, such as journalists, activists, human rights defenders, and members of oppressed and marginalized groups. That is why these data must be strictly protected.
Data Protection: Personal data is any information relating to you, whether it relates to your private, professional, or public life. In the online environment, where vast amounts of personal data are shared and transferred around the globe instantaneously, it is increasingly difficult for people to maintain control of their personal information. This is where data protection comes in. Data protection refers to the practices, safeguards, and binding rules put in place to protect your personal information and ensure that you remain in control of it. In short, you should be able to decide whether or not you want to share some information, who has access to it, for how long, for what reason, and be able to modify some of this information, and more.
Need of Data Protection Laws: There are two main reasons that governments should pursue comprehensive data protection frameworks:
- Laws need to be updated to address today’s reality. Ever since the internet was created, people have been sharing more and more of their personal information online. In many countries, privacy rules exist and remain important to help protect people’s information and human rights, but they are not adapted to suit the challenges of today’s connected world.
- Corporate co- and self-regulation is not working to protect our data. Around the world, companies and other entities that collect people’s data have long advocated for regulation of privacy and data protection not through binding frameworks but rather through self- or co-regulation mechanisms that offer them greater flexibility. However, despite several attempts, we have yet to see examples of non-binding regimes that are positive for users rights.
The growth of Privacy Regulation Bill in India: The Personal Data Protection Bill, 2019, follows a long line of privacy jurisprudence in India that has been influenced by global developments as well as the country’s own constitutional jurisprudence. The growth of the Indian information technology industry and the telecom revolution, which started in the late 1990s, led to the proliferation of digital services in India.
Personal Data Ownership: In principle, DPB proposes that the data provider is the owner of their own personal data. While simple in idea, this notion could impose an enormous implementation burden for digital companies. In the physical world, a property owner can ask for return of their property. Companies in the digital world would have to figure out how to comply with this requirement when the user demands erasure or recall of their personal data from a digital company for example, when a person requests deletion of all of their information after they cease to be a Facebook member. Digital companies would also have to think beyond their own data storage and usage, because they might have sold the data to a third party.
Data Sovereignty: DPB reserves the right to access the locally stored data to protect national interests. This implies that DPB would treat citizens’ data as a national asset, no different than control over citizens’ physical properties. In this respect, DPB differs from GDPR, which imposes no locational storage requirements or preferential access to data for protecting national interests. Currently, digital companies practically own the data as long as they can address the privacy concerns and meet the user-acceptance requirements. One implication of the new policy is that when the government demands its citizens’ data, in case of foreign attacks and surveillance, digital companies would have to abide and assist the Indian government’s defence policy.
As a company, data privacy is arguable even more important. You may have to meet legal responsibilities about how you collect, store, and process personal data, and non-compliance could lead to a hefty fine. If you fall victim to a hack, the consequences in terms of lost revenue and lost customer trust could be even worse. So stay connected with us for more. Stay safe and healthy.