The Ministry of Electronics and Information Technology introduced the Personal Data Protection Bill, 2019 in the Lok Sabha on 11th December 11, 2019. This bill is currently in the discussion stage and is open for public comments.
The Wednesday Seminar on 29th January with the theme, ‘Legal Bases of Information Privacy: A talk on the Personal Data Protection Bills’ reviewed this proposed Bill and recommended ways for it to be improved. The speakers were Mr. Nithin Ramakrishnan, Assistant Professor of International Law in the School of EGCS at Chinmaya Vishwavidyapeeth (CVV) and Mr. S. Navamohana Krishnan, a second-year BCom student from CVV.
The primary aim of the session was to bring to light the underlying assumptions and elucidate the conceptual framework which the bills have employed. The speakers introduced the bill to the audience, explained its contents and its underlying implications reflected through the provisions of the bill. They identified the modified agenda of the bill which was to create a free and fair digital economy due to which the primary objective of the bill to protect individual privacy was being pushed to auxiliary status.
Mr. Navamohana Krishnan further explained the conceptual tools used by the bill. He spoke about the actors involved, consent mechanism, and exempted activities. He criticised the definition of the term 'processing' to have a reductionist approach that incorporates distinct activities such as collection, storage, analysis and dissemination into a single term, which is not suitable for a country like India.
Mr. Nithin Ramakrishnan identified that the state would possess tremendous power under the blanket of interests of the state. He also communicated how the bill proves deficit in defining commercial purposes.
The speakers came up with an alternative model which addressed the issues associated with the current bill. The new model pushed for ‘essentiality’ for processing instead of ‘necessity’. It also aimed to establish a single threshold of consent which is free, informed, unambiguous and granular with the option to withdraw. Another feature of the new model was the setting up of legal regimes for distinct activities of processing to ensure effective protection of personal data at each stage. The new model entrusted more liabilities and responsibilities towards the private data processors whose liabilities were often limited to contractual agreements.
The talk also highlighted our ability to play a role in law-making by urging the audience to record their views on the bill. It was an eye-opening and insightful session, venturing into the legal aspects of privacy which one day would have a significant impact in our day-to-day lives.