Data Protection Bill – The Core IAS

Data Protection Bill

The Digital India Bill, a comprehensive overhaul of Internet laws, will be unveiled in June 2023. This bill represents a significant update since the Information Technology Act of 2000.

What is the Digital India Bill?

DIA will consist of 4 parts:

Digital Personal Data Protection Bill,

DIA rules,

National Data Governance Policy, and

Indian Penal Code amendments

Need for such legislation

India has 850 million internet users, making it the world’s largest “digitally connected democracy.”

The IT Act, created for the pre-digital era, lacks provisions for user rights, trust, safety, and modern cyber threats.

Growing cyber crimes, disinformation, and privacy concerns necessitate an updated legislation.

Goals of the Digital India Bill 

Evolvable digital law: Flexible rules adaptable to changing technological trends.

Adjudicatory mechanism: Accessible mechanism for resolving online civil and criminal offenses.

Principles and rules-based approach: A legislative framework based on overarching governing principles.

Key components of the DIA

Open Internet: Promotes choice, competition, diversity, fair market access, and ease of doing business, preventing the concentration of power.

Online Safety and Trust: Safeguards users against cyber threats, revenge porn, defamation, cyberbullying, and moderates fake news. Advocates for digital rights and protects minors.

KYC Requirements: Mandates Know Your Customer (KYC) for privacy-invading devices like spy camera glasses.

Monetization Rules: Overhauls rules for platform and user-generated content to align with the DIA.

Key feature: Reconsideration of Safe Harbour

The government is reconsidering a key aspect of cyberspace — ‘safe harbour’.

Safe harbour is the principle that so-called ‘intermediaries’ on the internet are not responsible for what third parties post on their website.

This is the principle that allows social media platforms to avoid liability for posts made by users.

Safe harbour has been reined in in recent years by regulations like the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, which require platforms to take down posts when ordered to do so by the government, or when required by law.

Data Protection Laws are there in other Nations

European Union Model:

The General Data Protection Regulation focuses on a comprehensive data protection law for processing of personal data.

In the EU, the right to privacy is enshrined as a fundamental right that seeks to protect an individual’s dignity and her right over the data she generates.

US Model:

There is no comprehensive set of privacy rights or principles in the US that, like the EU’s GDPR, addresses the use, collection, and disclosure of data.

Instead, there is limited sector-specific regulation. The approach towards data protection is different for the public and private sectors.

The activities and powers of the government vis-à-vis personal information are well-defined and addressed by broad legislation such as the Privacy Act, the Electronic Communications Privacy Act, etc.

For the private sector, there are some sector-specific norms.

China Model:

New Chinese laws on data privacy and security issued over the last 12 months include the Personal Information Protection Law (PIPL), which came into effect in November 2021.

It gives Chinese data principals new rights as it seeks to prevent the misuse of personal data.

Way Forward

The detailed timeline is undisclosed, but the government aims to conduct a comparative study of global laws and consult with experts, industry, the public, and relevant forums.

The draft Bill will undergo consultation, followed by a draft Cabinet note before the final version is released.