Tuesday, July 23, 2024
HomeAdvocoteWhat India's draught digital privacy law says and how it relates to...

What India’s draught digital privacy law says and how it relates to other countries’ data protection laws

What India's draught digital privacy law says and how it relates to other countries' data protection laws

Share with Others

4.5/5 - (13 votes)

What India’s draught digital privacy law says and how it relates to other countries’ data protection laws

The revised data protection Bill, unveiled three months after the government withdrew an earlier draught, eases cross-border data transfers and strengthens penalties for violations. However, it grants the Centre broad authority while imposing little safeguards. In contrast to an earlier convoluted draught, the new Digital Personal Data Protection Bill, 2022, announced on Friday (November 18), focuses on personal data.
The modified version of the legislation has significant fines for noncompliance, but they are capped without regard to the organisation in question’s turnover.

It has also relaxed regulations on cross-border data flows, which may provide relief to large IT firms, as well as a provision for easier compliance requirements for start-ups.

There could be two major warning flags: a near-universal exemption for government agencies from some of the more onerous obligations in the Bill, and a narrowing of the remit of the proposed Data Protection Board, which is tasked with overseeing the terms of the proposed Act.

According to officials at the Ministry of Electronics and IT (MeitY), the new draught strikes a difficult balance and takes into account worldwide approaches, while remaining consistent with the Supreme Court’s verdict on privacy as a basic right, but within reasonable limits.

ALSO READ  In India How might Indian law address climate governance? | ENVIROCOTE & ADVOCOTE

While comparisons have been made to the EU’s landmark General Data Protection Regulation, or GDPR, which, according to Graham Greenleaf, professor of Law & Information Systems at the University of New South Wales, has significantly influenced legislation in nearly 160 countries, the Government of India sees its version of the Data Protection Bill as only one piece of a larger policy vision for the entire digital economy.

This broader policy comprises a comprehensive digital India Act that will eventually replace the present IT Act, the newly disclosed data protection Bill, and the new telecom Bill, which was made public last month.

In contrast, the historic GDPR, which has been in effect since May 2018, is clearly centred on privacy and requires individuals to provide explicit consent before their data may be handled. The Digital Services Act (DSA) and the Digital Markets Act (DMA) branch out from the GDPR’s overarching focus on the individual’s control over her data.


The DSA is concerned with concerns such as controlling hate speech and counterfeit goods, but the DMA introduces a new category of “dominant gatekeeper” platforms and is concerned with uncompetitive practises and abuse of dominance by these companies.

Other countries’ data protection legislation

According to data from the United Nations Conference on Trade and Development (UNCTAD), an intergovernmental organisation within the United Nations Secretariat, an estimated 137 out of 194 countries have put in place legislation to secure data and privacy protection, with Africa and Asia showing 61% (33 countries out of 54) and 57% adoption, respectively.

ALSO READ  56 Years of Haryana Happy Haryana Day on the 56th anniversary of Haryana's illustrious history | INFOCOTE

Only 48% (22 out of 46) of Least Developed Countries have data protection and privacy laws. EU MODEL: The GDPR focuses on a comprehensive data protection law for personal data processing. It has been criticised for being overly stringent and imposing several requirements on organisations that collect data, but it serves as the model for the majority of legislation written around the world.

Data Protection USA :- USA is very very serious for the safety of its Citizen and their data.

The right to privacy is enshrined as a basic right in the EU, with the goal of protecting an individual’s dignity and control over the data she generates. The European Charter of Fundamental Rights recognises the right to privacy as well as the right to personal data protection, and is supported by a comprehensive data protection framework that applies to personal data processing by any means, as well as processing activities carried out by both government and private entities.
There are some exceptions, such as national security, defence, public security, and so on, but they are clearly specified and viewed as exceptions on the outskirts.


Privacy protection is broadly characterised as “liberty protection,” with an emphasis on defending an individual’s personal space from the government. It is seen as having a fairly restricted emphasis because it allows for the gathering and use of personal information as long as the individual is notified of such collection and use. The US model has been deemed deficient in key regulatory areas.

In the United States, there is no comprehensive set of privacy rights or principles that, like the EU’s GDPR, cover the use, collection, and disclosure of data. Instead, there is little industry-specific regulation.
The public and commercial sectors take diverse approaches to data protection. However, the government’s activities and powers in relation to personal information are sufficiently well-defined and addressed by wide legislation such as the Privacy Act, the Electronic Communications Privacy Act, and so on. There are several sector-specific norms for the private sector.

ALSO READ  Supreme Court is in favour of right of abortion for all women | Content On The Edge

CHINA MODEL: Among the new Chinese data privacy and security legislation passed in the last year is the Personal Information Protection Law (PIPL), which goes into effect in November 2021. It grants new rights to Chinese data principals in order to avoid the exploitation of personal data.

What India's draught digital privacy law says and how it relates to other countries' data protection laws
What India’s draught digital privacy law says and how it relates to other countries’ data protection laws

The Data Security Law (DSL), which takes effect in September 2021, requires business data to be classified by relevance level and imposes new restrictions on cross-border transfers.

These regulations will have a substantial impact on how firms gather, keep, use, and transmit data, but they are primarily concerned with granting the government broad powers to collect data and control private companies that collect and process information.

According to an EY analysis, China’s PIPL is “similar” to the EU’s GDPR in that it gives Chinese consumers the right to access, correct, and delete personal data collected by businesses, but it has a legitimate impact on offshore data processors that deliver goods and services or analyse individuals in China.

Why was SP leader Azam Khan’s name removed from the voter list?
The law imposes severe penalties, including fines of up to RMB 50 million, or 5% of a company’s preceding fiscal year’s revenue.

Businesses may be forced to halt operations until they “show compliance.” Individuals are also affected, with anyone directly responsible for data protection facing fines of up to RMB 1 million.

The DSL requires that business data be classified based on its importance to national security and the public interest, and companies wishing to transfer “important” data outside of China must first conduct an internal security audit before requesting a security assessment and approval from the Cyberspace Administration of China (CAC) and other relevant authorities.

ALSO READ  The Supreme Court hears a challenge to a law governing Indian adoptions | INDOCOTE

Companies that mishandle data under the DSL face significant penalties: in July this year, the ride-hailing company Didi was fined $1.2 billion (RMB 8.026 billion) for allegedly violating China’s cyber security regulations. Other businesses have also faced regulatory action.

The red flags and India’s draught Bill

Experts are concerned about broad exemptions for the Centre and its agencies with little to no controls, as well as the planned Data Protection Board’s diminished independence.

It is also worth noting that the new Bill has only 30 provisions compared to the previous one’s more than 90, owing to the fact that many operational aspects have been left to eventual rule-making.

For national security considerations, the central government may issue notifications exempting its agencies from the draught law’s provisions. The administration said in an explanatory note accompanying the proposed legislation that “national and public interest is at times stronger than the interest of an individual,” supporting the need for such exclusions.

The draught law leaves the selection of the Data Protection Board’s head and members solely to the discretion of the federal government. “Whereas the Data Protection Authority was originally intended to be a statutory authority (under the 2019 Bill), the Data Protection Board is now a central government-established board.” “The government still has a say in the board’s membership, terms of service, and so on,” said Nehaa Chaudhari, a partner at Delhi-based Ikigai Law.

According to Rajeev Chandrasekhar, Minister of State for Electronics and IT, the new draught places India in a position where the entire digital economy can be viewed through the lens of “trust and protection,” and will help the government “move towards more data-led governance where we can create analytical models to figure out where the gaps are and then plug them.”

ALSO READ  Be Aware of QR CODE SCAMS | Unbelievable BEER fraud Man orders Rs. 360 worth of alcohol on WhatsApp and loses Rs. 44782 | ADVOCOTE

“We have said clearly in the Bill that the Data Protection Board will be extremely autonomous… To resolve the issue of data breaches, the board will use a solely adjudicatory approach. It has the same status as a civil court, and its decisions can be appealed to the Supreme Court.

What India's draught digital privacy law says and how it relates to other countries' data protection laws
What India’s draught digital privacy law says and how it relates to other countries’ data protection laws are they better

This is sufficient motivation or disincentive for the board to work transparently. “Just because it is selected by a third party does not ensure adequate performance,” Chandrasekhar told The Indian Express.

“The government’s goal is for the board to rule fairly and transparently because else it can be legally challenged.” The system’s structure, in my opinion, is efficient and cost-effective.

“Anyone who claims that the board is not sufficiently independent misses the fact that the board must build its credibility via its own performance,” he said.

Content On The Edge C.O.T.E
Social Media Links:-#CONTENTONTHEEDGE – C.O.T.E
Youtube- ✅Subscribe to the YouTube channel of Content on the Edge
Facebook- ✅Like and Follow on Facebook for Latest content videos of C.O.T.E
Instagram- ✅Follow on Instagram for Latest content
Twitter- ✅Join Content on the Edge on Twitter for latest updates
Telegram Channel- ✅Join Telegram Channel to get latest files and updates
Telegram Group- ✅Join C.O.T.E Telegram Group to get latest updates
Whatsapp- ✅Click to text C.O.T.E on Whatsapp
Whatsapp Channel- ✅Click to Join C.O.T.E Whatsapp Channel for Latest Updates
Visit the Links to Join and Follow on Social Media

Share with Others
WhatsApp Channel Join Now
Telegram Channel Join Now
Instagram Page Join Now
As the administrator of Content on the Edge, Mr. C.O.T.E spearhead an innovative platform dedicated to fostering a vibrant community centered around information exchange. "Content on the Edge" isn't just a platform; it's a dynamic space where individuals converge to search, view, and share diverse content, contributing to a collective reservoir of knowledge. Through this endeavor, we aspire to catalyze a transformative shift in how information is disseminated and consumed. Join our vibrant COTE community as we embark on a journey to revolutionize the sharing landscape. Search, share, and subscribe to be part of this exciting movement towards meaningful change.


Please enter your comment!
Please enter your name here

Connect on Social Media


Most Popular