10. Will Digital Personal Data Protection Act violate privacy of citizens?
What is your Opinion : Yes or No?
Why is it so? = Pick Pointers for your arguments
| Yes | No |
|---|---|
| Balance between privacy and need to process data for lawful purposes is not possible as both are contradictory. Small scale startups can't afford such huge penalties so it will muzzle such business ecosystem. If exemptions are allowed then anyway privacy is compromised. | There will be processing of digital personal data in a manner that recognizes: A) Rights of individuals to protect the data B) Need to process the data for lawful purposes. Individuals need to give consent before their data is processed => Data principal's right to postmortem privacy (withdraw consent). Individuals also have the right to withdraw consent from a Data Fiduciary. There will be a balance and no violation of privacy but only data processing based on consent and necessity. Early stage Startups will be given exemption + more time to adjust but citizen’s right is top priority. |
| Right to Information (RTI) Act- The personal data of government functionaries is protected making it difficult to be shared with an RTI applicant. In case of government entities, storage limitation and the right of the data principal to erasure will not apply. | It enhances both Ease of Living & Ease of Doing Business. It enables India’s digital economy and innovation ecosystem. Digital economy is 10% of GDP and it will be 20% by 2025-26. |
| Parental consent is diluted and government is taking the final call. Government also has power to gain access to any data for purpose of this act. Immunity to government, data protection board and chairman defeats the purpose of privacy. | Platforms have been collecting personal data ostensibly and even exploiting it. This act ensures that data is protected = For the first time, gives rights to 83 Cr Digital Nagriks; by 2025-26, it will be 120 Cr. |
| IT Act also deals with data protection and privacy. Globally GDPR was there, so new law was not required but to apply same here. | IT Act does so but in a very asymmetric way and hence, was ineffective. That is, the user had to prove that harm has been caused to him/her by breach of data. DPDP Act turns it on its head => Citizens have the rights and corporations have to prove that there was no data breach. This is based on GDPR. |
| It will lead to government surveillance and misuse. Pegasus spyware already seen. Article 21- It violates the fundamental right to privacy because of the exemptions provided to the State on grounds such as national security. | User Harm = In cyber-space, there are new ones = Cyber Stalking, Doxing, Gaslighting + coming from all over the world. No request / incentive but a law for platforms to conduct themselves responsibly otherwise face heavy penalties. |
| Territorial aspect of the bill is not implementable. Time for migration to avoid disruption = no implementation for long time and hence no privacy. This shift towards appeasing favouritism compromises the accountability of data processors in safeguarding personal data and undermines the principle of shared responsibility. | Board through consent managers adjudicates the disputes. Internet is a borderless space. Any geography/jurisdiction where data of citizens is not secure i.e. law is not applicable = geography / jurisdiction will be blacklisted. So, it handles safety, trust and meaningful cross border data flow and enhances privacy. |
| DPDP Section 34 has no provision for compensation to person whose data is breached so privacy is for namesake. While Section 28 gives power to board to impose fine on a false/frivolous complainant = Shooting the messenger, no criminal liability on platforms and hence, platforms will pay the fine and go scot-free. | Penalties are hefty (up to INR 250 Cr) and hence, punitive in nature and an effective deterrent so, criminal liability is not required. Vexatious complaints should not be used by vested interests and thus, the provision. |
| GoI has a lot of data already e.g. Aadhaar, DBT and any leakage will anyway lead to privacy breach. Privacy breach in CoWIN portal where the personal details of vaccinated users had been leaked on Telegram. 12,000 confidential records of State Bank of India employees were reportedly made public on Telegram. | Government is also included and all platforms holding data including government will seek consent to retain. National Data Governance Policy applied for same. |
Some Additional Data Points You should know for opinion building :
Digital Personal Data Protection Act was passed in August 2023. India’s digital economy is expected to hit USD 1 Tn by 2030 = India Techade.

Rights of data principal- Data principal is an individual whose data is being processed. He/She will have the right
- To obtain information about processing
- To seek correction and erasure of personal data
- To nominate another person to exercise rights in the event of death or incapacity and
- Grievance redressal

Duties of Data Principals- Data Principals must not
- Register a false or frivolous complaint
- Furnish any false particulars or impersonate another person in specified cases

Violation of duties will be punishable with a penalty of up to Rs 10,000.

Obligations of data fiduciaries- Data fiduciary is the entity determining the purpose and means of processing. Data fiduciary must
- Make reasonable efforts to ensure the accuracy and completeness of data
- Build reasonable security safeguards to prevent a data breach
- Inform the Data Protection Board of India and affected persons in the event of a breach
- Erase personal data as soon as the purpose has been met and retention is not necessary for legal purposes

Rights of the data principal and obligations of data fiduciaries will not apply in specified cases such as
- Prevention and investigation of offences
- Enforcement of legal rights or claims

The Central government may exempt certain activities in the interest of :
- the security of the state and public order
- Research, archiving, or statistical purposes

Refer to our monthly booklets and add more muscle to your arguments & freeze an introduction & conclusion : Hyperlink to be provided
Discuss within your study circle and at our blog : Write Answers and Peer Review them
Balanced Conclusion / Way Forward :
Data is the new oil. It is the currency of the digital age and processing of personal data is the pivot around which today’s digital economies revolve. Hence proper regulation and guidelines by the Government to enhance data security are the need of the hour. However, misuse of data and breach of privacy need to be prevented totally in doing so.


