India Prepares Draft Bill for GDPR-Like Data Protection But With Several Loopholes

India is post-obit the footsteps of the Eu and is likely to soon have a legislation which limits the control which tech companies enjoy on the user data stored and "harvested" past them. A committee headed by Supreme Court justice BN Srikrishna has presented a typhoon of the bill which protects the privacy rights of digital users in India.

Dubbed "Personal Data Protection Beak, 2018" by the Srikrishna committee, the bill is analogous to EU's recently-implemented GDPR regulations and puts the users' consent at its center. The beak is designed to tackle the exploitation of user information for financial benefits, especially when it is without the consent or even the information of users.

Fine of Rs. 15 Crores for Violation

Every bit per the 213-page draft bill, the regulation will put acts similar the collection and processing of large volumes of user information using new technologies under the category of "pregnant information fiduciary". The companies violating this clause or misusing their monopoly on users' information for monetary benefits will earn a fine of Rs. fifteen crores (~$2.ii million) or 4 pct of the global revenue.

Which instances of data fall nether the "categories of sensitive personal information which are critical to the nation" will be decided by the government after rigorous assessment in the Parliament. Every bit a upshot, companies volition have to undergo frequent audits for compliance with the regulations.

Right to be Forgotten

The regulation too introduces the concept of "right to be forgotten" which means that companies volition accept to remove the data of users from their databases if the user requests so. It also mandates that any sort of processing of data will have to accept place on servers located in India and not sent out of the country.

India Prepares Draft Bill for GDPR-Like Data Protection But With Several Loopholes — Indian Government minister for IT & Law, Ravi Shankar Prasad; Courtesy: Khabar Bharat

Only, No Regulations for Government-Backed Offenders

All the same, one cardinal area in which the typhoon pecker defaults is that it does not give citizens absolute control over their data and will allow the government to sift through private information on the grounds of national security. Moreover, it but holds private companies answerable for loss or abuse of information and does non put any onus on the lack of security on critical databases such every bit that of UIDAI.

Loopholes to be Addressed

Moreover, Nikhil Pahwa of MediaNama too claims that these penalties are tiny compared to global standards, especially in sight of the awe-inspiring $5 billion fine levied past the EU on Google for misuse of its monopoly amid Android users. The typhoon bill likewise omits throwing much light on accountability of data and i example of this is the absence of mandatory provisions to inform users when a data breach occurs.

This draft bill which talks nigh the protection of private information in India lacks some critical aspects and puts the rights of the government on user data ahead of the rights of the citizens themselves. In its nowadays land, the law appears to be a crafty effort at ensuring data privacy and more than like an attempt to grant the government totalitarian-ish control over the citizens' digital lives – something similar to what exists in China.

While there is no certainty, it is possible that the regulation is coherent with the government's plans to create a digital surveillance tool aimed at slapping a feeling of patriotism. We believe that the government should spend more efforts consulting international experts to create a solid police force which is democratic in all its aspects, not just its appearance.