Some 70-odd crore-strong Indian male population will be called upon to come out of their obsession with masculinity as the draft Digital Data Protection Bill, 2022, unveiled by Communications Minister Ashwini Vaishnaw for public debate the other day, only identifies them in the feminine gender. Under the proposed law, everyone is a she and all that belongs to that person is ‘hers’.
The new law creates a record of first in India’s legislative history by using ‘she’ and ‘her’ to refer to all genders. In the case of all previous laws, the pronouns he and his were used as gender neutral, which meant that it also applied to women, implying he included she. But for the purposes of data protection, henceforth it would be she that includes he.The bill also uses the term ‘data principal’ to denote the individual whose data is being collected and ‘data fiduciary’ to refer to the entity that decides the purpose and means of processing personal data.
By way of illustration, the draft mentions the following: @‘A’ enters into a contract with ‘B’ to provide a service ‘X’ to ‘B’. As part of the contract, ‘B’ consents to: (a) processing of her personal data by ‘A’, and (b) waive her right to file a complaint with the Board under the provisions of this Act. Part (b) of the consent by which ‘B’ has agreed to waive her right shall be considered invalid.
The minister explains that this is in keeping with Prime Minister Narendra Modi’s programmes for women empowerment and in sync with his Beti Bachao Beti Padhao campaign. No doubt, the feminists would be immensely pleased with the new law, but it is a moot point whether such symbolism is enough for the empowerment of women in the country.
The new draft takes care of some of the objections that activists and the opposition parties had raised about the previous bill, which was withdrawn in the wake of the strong opposition. But it still retains powers for the Centre to monitor data in national interest, a provision that is bound to continue causing eyebrows to go up.
A major departure is the provision in the new draft for cross-border interactions of data with certain notified countries and territories, which are friendly to India. This is a victory for the world’s IT giants, which have been lobbying for such a facility citing cost benefits. Asia Internet Coalition, a lobby group that represents Meta, Google, Amazon and others had lobbied that the companies be given the freedom to decide on cross-border transfer of data.
The group had argued that placing restrictions on cross-border data flows was likely to result in higher business failure rates, introduce barriers for start-ups, and lead to more expensive product offerings from existing market players. This will ultimately affect digital inclusion and the ability of Indian consumers to access a truly global internet and quality of services, the group had insisted.
On the positive side, the proposed new law places restrictions on companies in the use of personal data collected at various levels while dealing with customers. The draft stipulates that companies only use the data they have collected from users only for the purpose for which it was originally collected. It also seeks accountability from the firms that they ensure that they are processing the personal data for the users for the precise purpose they collected it. Companies are also not supposed to store the data perpetually by default. According to a note from the IT ministry, the storage should be limited to such duration as is necessary for the stated purpose for which personal data was collected.
The draft proposes various penalties for violations and failures. A penalty of up to Rs 250 crore is provided for failure to ensure reasonable security safeguards to prevent personal data breach. Penalties of up to Rs 250 crore are slapped if a firm fails to notify the authorities and users about personal data breach.
The draft is, however, expected to meet continued opposition over much of the retention of control over citizens data and access to it for the government and its agencies. The government was forced to withdraw the earlier bill due to political as well as judicial pressure on account of the scope for abusing personal data both by the government as well as the companies collecting such data. (IPA Service)
The post New Data Protection Bill Boosts Feminists As It Creates Legislative History first appeared on IPA Newspack.