The need for sector-specific safeguards in ‘techade’
- The digital economy of India is expected to hit $1 trillion by 2026. We are also creating massive amounts of confidential data, which must be managed and secured properly. In this respect, the Digital Personal Data Protection (DPDP) Bill 2022 still requires improvement.
Points to ponder:
- The Digital Personal Data Protection (DPDP) Bill 2022 is an important step towards protecting citizens’ personal data in India.
- However, there are concerns about its interaction with existing sectoral regulations, as data protection and privacy are context-dependent, and sectoral expertise is crucial to regulate effectively.
- The global community has adopted two major approaches to regulate privacy and protect data: comprehensive legislation (such as the GDPR in the European Union) and sector-specific regulations (such as HIPAA for health care and GLBA for financial institutions in the United States).
- In India, there are already sectoral regulations regarding data protection, such as the Reserve Bank of India’s directive on storage of payment data and the National Health Authority’s Health Data Management Policy.
- The DPDP Bill should serve as the minimum layer of protection, with sectoral regulators having the ability to build on these protections. This framework will be especially useful in India, where not all regulators may have the same capacity.
- Data protection is a complex subject, and we must create room for sectoral experts to weigh in to safeguard the interests of citizens more effectively.
- Overall, finding the right balance between the DPDP Bill and existing sectoral regulations will ensure a safer, more secure, and dynamic digital landscape in the years to come.
Key features of the bill:
- The term “data principal” refers to the person whose data is being collected.”Data Fiduciary” refers to the entity that determines the “purpose and means of processing an individual’s personal data.”
- Personal data, according to the law, is “any data by which or in relation to which an individual can be identified.”
- Important Information Fiduciaries work with a large amount of confidential info. The Central Government will decide who falls into this group based on a variety of criteria.
- Such organisations will be required to designate a “Data Protection Officer” as well as an impartial Data Auditor.
- The holders of data will have the right to request that data gathered by the data fiduciary be erased and corrected.They will also be able to appoint someone to execute these rights in the event of the data principal’s death or incapacity.