Top 5 things you didn’t know were integral to the personal data privacy bill
Updated on Jun 27, 2022
On August 24, 2017, the Supreme Court of India declared privacy to be a fundamental right. A nine-judge bench in Justice KS Puttaswamy vs Union of India affirmed that right to privacy is an integral part of part III of the Constitution of India, which enshrines the fundamental rights guaranteed to every citizen of India. As part of this judgement, the apex court put special emphasis on an individual’s right to data privacy. A committee was formed to study data privacy issues and on December 2019, the Personal Data Protection Bill was tabled in the parliament. Among other things, the bill proposes a number of measures to safeguard data privacy of citizens.
- Your data can only be collected for specific purposes
Nobody can just gather your personal information and use it for their own business ends. The bill lays down certain principles for protecting the data of individuals. For instance, one of the principles states that only the most essential data that is needed for a particular purpose, can be collected. Every piece of data processed should be for a defined and specific purpose. The purpose should be lawful, and it should be clearly defined. The owner of the data will have to be given a notice for collection and processing of the data. This data can then be used only for the defined purpose, and must be deleted when it’s no longer needed. The same data cannot be preserved and reused for any other purpose.
- Your consent is essential
According to the bill, your permission is necessary for anyone to use your personal information. Before data collection or processing begins, the individual needs to provide their consent. Your data can be collected and used only if you provide your authorisation. Without consent, personal data cannot be collected – unless under some very special circumstances. In case of children’s data, parental consent is compulsory. Children have as much right to their personal data as adults do. Hence, their data privacy needs safeguarding as well. Anyone seeking to use such data will have to take the consent of parents or guardians of the child. There are some very specific exceptions to the consent rule. There are some scenarios where the authorities (or an authorised entity) are allowed to collect your information without having to seek your consent. Thich includes health concerns, matters of national security, legal requirements and certain other scenarios. During a health emergency, for instance, your personal health data, while sensitive, can save your life. Similarly, when the nation’s sovereignty and security is as stake, certain kinds of information need to be collected without asking the owner. Only under these circumstances can the data be used without the owner’s consent.
- Know your rights
The Personal Data Protection Bill, 2019 outlines the rights of the individual with regard to data collection and usage. This includes the following:
- Right to seek confirmation on whether your personal data has been collected or processed. You have the right to know, and to inquire about it.
- Right to seek correction of incorrect or incomplete data. A lot of times the information collected may be outdated, inaccurate or insufficient. Such data can be updated, rectified or completed.
- Right to have your personal data referred to any other recognised authority in certain situations. This allows for data portability if needed.
- Right to prevent continuing use of your data if it is no longer needed.
- Transfer of data outside the country
Your personal data may not leave the country. Under certain circumstances and only with your knowledge and consent, your informatiion may be transferred outside India. Even when such transfer occurs, your data should continue to be stored within the country. But there are exceptions to this. There are certain kinds of information that the government might mark as critical personal data, which can only processed within the country, and never taken outside.
- Social media is responsible!
Social media platforms deal with users’ personal data all the time. Their algorithm keep track of your usage, including what you share, what you like and what you don’t like. This data is then used to serve relevant ads to you. This data also tells them what kind of content is likely to affect you more, and the platform shows you those kind of posts with a higher frequency.
The bill tries to make social media companies accountable for their content. Social media platforms will be treated as publishers, and they will be made responsible for the content posted by users. Social media through its algorithms not only chooses who can see certain kinds of content, but also controls access to content on the platform. The platforms will have to answer for all unverified content published on their websites and apps. They are also required to open an office in India, if they haven’t already.
The Personal Data Protection Bill is full of such provisions and recommendations which are designed to protect your data from being exploited and utilised without your express permission. What do you think of these features, and about data privacy?