Why in News?

• The Personal Data Protection Bill, which was tabled in Parliament by the Electronics and IT Minister recently, has now been referred to a joint committee.

Types of Personal Information:

• Sensitive Data constitutes or is related to passwords, financial data, health data, official identifier, sexual orientation, religious or caste data, biometric data and genetic data. It may be processed outside India with the explicit consent of the user.
• Critical Data will be characterised by the government every once in a while, and must be stored and handled only in India.
• General Data is any data that is non-critical and non-sensitive and are categorised as general data with no limitation on where it is stored or managed.

About the Bill:

• As per the bill, it is the individual whose data is being stored and processed.
• The government is qualified to order any data fiduciary to acquire personal and non-personal/anonymised data for the sake of research and for national security and criminal investigations.
• Social media companies, which are deemed significant data fiduciaries based on factors such as volume and sensitivity of data as well as their turnover, should develop their own user verification mechanism.
• An independent regulator Data Protection Agency (DPA) will oversee assessments and audits and definition making.
• Each company will have a Data Protection Officer (DPO) who will liaison with the DPA for auditing, grievance redressal, recording maintenance and more.
• The bill also Grants Individuals the right to data portability, and the ability to access and transfer one’s own data.
• The right to be forgotten: this right allows an individual to remove consent for data collection and disclosure.

Why does Data Protection matter?

• With a population of over a billion, there are about 500 million active web users and India’s online market is second only to China.
• Large collection of information about individuals and their online habits has become an important source of profits.
• It is also a potential avenue for invasion of privacy because it can reveal extremely personal aspects.
• Companies, governments, and political parties find it valuable because they can use it to find the most convincing ways to advertise to you online.
• Besides, presently, there are no laws on the utilisation of individual information and forestalling its abuse, even though the Supreme Court maintained the right to privacy as a fundamental right back directly in 2017.

Important recommendations of Justice BN Srikrishna Committee:

• The Justice Srikrishna committeeon data privacy has made specific mention of the need for separate and more stringent norms for protecting the data of children.
• It recommended that companies be barred from certain types of data processing such as behavioural monitoring, tracking, targeted advertising and any other type of processing which is not in the best interest of the child.
• It is widely accepted that processing of personal data of children ought to be subject to greater protection than regular processing of data.
• Safeguarding the best interests of the child should be the guiding principle for statutory regulation on protecting data of children.
• The committee noted that, at present, there were two types of entities processing the personal data of children.
• The first type was services offered primarily to children, such as YouTube Kids, Hot Wheels and Walt Disney, and the second were social media services such as Facebook and Instagram.
• The committee’s recommends that the Data Protection Authority will have the power to designate websites or online services that process large volumes of personal data of children as “guardian data fiduciaries”.

Why there are Concerns over the Bill?

• The bill is like a two-sided sword. While it protects the personal data of Indians by empowering them with data principal rights, on the other hand, it gives the central government with exemptions which are against the principles of processing personal data.
• The government can process even sensitive personal data when needed, without explicit permission from the data principals.

Recent Issues over Data Protection:

• Recently, messaging platform WhatsAppsaid that some Indian journalists and rights activists were among those spied using technology by an Israeli company, which by its own admission only works for government agencies across the world.
• Google too had alerted 12,000 users, including 500 in India, regarding “government-backed” phishing attempts against them.
• The Indian Government has still not come out in the clear convincingly regarding these incidents.