Following an enormous spike in public data collecting by major media owner firms and states alike, developed countries in the west have developed outstanding data protection rules. The GDPR system in the EU is thought to be the most stringent of them all. The Indian government, seeing the need for a robust data safeguard code in the wake of high-profile information leakage events and the Supreme Court’s call for one, set up a committee led by retired Justice B.N. Srikrishna to draught a Personal Information Protection Bill that will “ensure the growth of the digital economy while keeping citizens’ personal information secure.”
Western models of data protection regime: EU vs USA
The European Union and the United States of America have taken starkly opposed approaches in terms of data protection.
1- EU
Articles 7 and 8 of the European Union Charter grant ‘Privacy’ and ‘Data Protection’ constitutional status. The European Union attempted to create a cohesive data protection strategy for the first time in 2014 when it passed the ‘Data Protection directive.
The European model of data protection considers an individual’s right as important to have control over his personal data. With EU general data protection regulation every individual gets the complete right to give informed consent for its use. It also extends his right to rectify, change and create objections after the collection of such data with valid consent.
2-The US
Unlike the European Union, the United States lacks an unambiguous constitutional commitment to individual privacy. The US courts, on the other hand, have interpreted the first, fourth, fifth, and fourteenth amendments to say that the right to privacy is an inalienable right of every US citizen. The fourth amendment, which prohibits “unreasonable searches and seizures,” is the foundation upon which this interpretation is built.
Overarching and extensive legislation like the Privacy Act of 1974 and the Financial Privacy Act of 1978 control data processing by government agencies.
What are the standards of consent?
EU is acknowledged in Article 7 and specified under recital 32 of the GDPR. The consent must be informed, specific, and free of ambiguities.
There are specific standards of consent, some of them are given below:
1- Free consent means there should not be any pressure or influence on the given consent. In the sense of employer and employee situation, the employee might fear retribution for declining consent.
2-Informed and specific consent means that the subject should be given information about the controller of data, and which functions.
3-Also take care your consent is unambiguous. In other words, you can say, consent should relate to affirmative action by the data subject.
What is the importance of the data protection act?
The data protection act has importance because it offers guidance and best practice rules for companies and governments to follow on how to use personal data including:
1- Controlling the use of personal data
2-Protection of data subjects’ rights
3- Making it possible for the data protection authorities to enforce requirements
4- Making organizations liable for sanctions if they violate the regulations.
What are data protection laws in India?
The Data Protection Act is significant because it offers organizations and the government with instructions and best practices on how to use personal information, including:
1- Regulate data processing
2-Protect data subject rights
3-Enable the Data Protection Authority to enforce rules
4- Hold organizations liable to fines in case of breach of rules
The DPA’s regulations are extensive and encompass topics such as data exchange and data security. At its core are nine sensible guidelines are known as the “data protection principles,” which must be followed by all organizations collecting and using personal information.
More sensitive information is better protected under the law, such as:
- Background ethnic
- Political viewpoints
- Religious convictions
- Sexual well-being
- Criminal record
What are the features of the Indian Data Protection Bill 2021
The Data Protection bill 2021 increases the applicability of the bill from only personal data to non-personal data as well. The data which is gone through the process of anonymization is called non-personal data.
1- Data protection bill 2021 reorganizes a separate group of sensitive personal data. This category consists of information on the health, sexuality, political beliefs, and financial activities of an individual.
2-Data protection bill 2021 is applicable to federal, state, local, and private agencies. Also, for ventures offering goods and services to nationals and persons abroad.
3-The bill also defined the responsibility of data protection authorities to take care and control the functions of entities responsible for managing data.
4- Responsible entities or individuals for holding and managing data should inform rules and data principles like usage rights and storage procedure of data.
5-Social media platforms like Twitter, Facebook, Instagram, etc., have the right to modify or remove the content posted on their website under S.26 of the Data Protection Bill