A committee headed by Justice B N Srikrishna, has formalized a legal framework for Data protection in India. The committee has also released a draft of the Personal Data Protection Bill, which is also being called the Draft Bill.
The Personal Data Protection Bill is proposed to supervise the processing of personal data. After the upcoming of various recent cases in which there was a threat of personal data getting leaked, the draft bill is being seen in a much positive light.
According to the Data Protection Bill, it is obligatory for data fiduciaries to provide specific notice mentioning the purpose of the processing of the personal data. One more positive compulsion that is included in the Data Protection Bill is the re-evaluation of the utility of data. If the fiduciaries don’t want a particular data anymore, they will have to delete it.
The Data Protection Bill has put the data-seeking organizations under a number of obligations. For example, data fiduciaries, if the Draft Bill is implemented, will have to conduct re-assessments in case of the employment of any new technology –like Data Analytics or Big Data –for the processing of data, as in the case of technology, the risk of expected harm increases. The Data Protection Bill allows the cross-border transfer of data but it is mandatory to keep the copy of the transferred data in India.
The mandates of the Data Protection Bill can affect organizations in terms of time and infrastructure as maintenance, assessment, re-assessment, evaluations, and re-evaluation will take a lot of effort. Also, If not adhered to, the Draft Bill can invite penalties which range from imprisonment to fine.
Despite this, the Data Protection Bill seems to be a positive step taken towards the privacy of the citizens of India.