A new ‘Personal Data Protection Bill 2018‘ has been proposed by The Ministry of Information Technology and Telecommunication. The main aspects of the bill focus on cyber crime punishment. The proposal demands a maximum punishment of up to two years and Rs 5 million fine on unlawful processing of personal data and misuse of someone’s personal information gathered online.
The “Personal Data Protection Bill 2018” firmly believes and guarantees privacy of home. It protects the dignity of every man and woman as their fundamental right under Article 14.
Reasons why a new Personal Data Protection Bill 2018 should be endorsed
Recently, the EU has announced it’s very own set of rules that have to be followed by every tech industry involved in the area in order to protect citizen rights in every way possible.
Similarly, The Ministry of Information Technology and Telecommunication has kept all the growing scenarios in mind and decided to update the bill. The bill mentions the developing tech world and how dependent we’ve become on the newest technology, which is why there should be certain laws in place to protect the users from any harm. Gathering personal data in this modern world has become far too easy.
Apart from that it has come to light that many Tech companies only survival is through the use of personal data it collects from its users and sells it off to other brands for money. Personal data has become an extremely valuable commodity. It is often collected, processed and even sold without the permission of the owner.
In today’s world, personal information is simply used for target advertising and marketing products to target populations, which may seem harmless at first but it can be diverted to more harmful uses such as scams. In order to live in a new era of technology we must adopt ways to protect ourselves from any harms that may come with the developments. It is in the best interests of citizens and the government to have assured confidentiality and integrity of databases.
What does the Personal Data Protection Bill 2018 state?
- In a situation where the offence commits an act under sub-section (1), it will lead to a fine of up to five million rupees as punishment
- All companies must follow procedure and abide by the laws set in the Bill, failure to comply will be seen as a violation of the provisions laid down and will therefore be punished with a fine up to one million rupees
- Those who fail to abide by the orders of the commission or the court will be fined with five hundred thousand rupees
- Corporate liability will also be imposed on whoever commits a criminal offence on his instructions or for his benefit or lack of required supervision by any individual, acting either individually or as part of a group. The person shall be punished with fine of five million rupees.
This proposed legislation applies to processors and any person who has control over the processing of any personal data.
When can you process personal user data?
The proposal states that you may process personal data about a subject if the processing is necessary to your work:
- If the performance of a contract to which the data subject is a party
- If the user has allowed the processing of their personal data subject
- In terms of any legal compliance and any legal obligation to which the data controller is the subject, other than an obligation imposed by a contract
- In order to protect the vital interests of the data subject
- For the administration of justice
- For the exercise of any functions conferred on any person by or under any law
Right of access to personal data:
(1) If you want to access a users personal data then you must first inform the user and ask for permission to use their personal information for further extensive uses.
(2) To access data after a prescribed payment fee you may request access to users personal data in writing
- For the subject’s personal data
- To communicate a copy of the personal data in an intelligible form
(3) A data access request for any information under sub-section (2) shall be treated as a single request, and a data access request for information under clause (a) of sub-section (2) shall, in the absence of any indication to the contrary, be treated as extending also to such request under clause (b) of subsection (2).
(4) In a situation where the data controller has data stored for two different occasions, a separate data access request is necessary for each separate entry.
(5) Where a data controller does not hold the personal data, but controls the processing of the personal data in such a way as to prohibit the data controller who holds the personal data from complying, whether in whole or part, with the data access request under subsection (2) which relates to the personal data, the first mentioned data controller shall be deemed to hold the personal data and the provisions of this Act shall be construed accordingly.
Implementation of the Personal Data Protection Bill 2018
The Commission responsible for the implementation of the Personal Data Protection Bill 2018 will be appointed by the Federal government. It will compromise of three Commissioners: The first Commissioner should be qualified to be a judge of High Court; The second Commissioner should have a master’s degree in computer sciences or telecommunications and fifteen years of experience in the field of information technology, telecommunications or computer sciences; and the third Commissioner should be from the civil society and have a degree based on sixteen years of education from a recognized institution and fifteen years of experience in the field of mass communication, academics and civil rights.
The Commission for the new Personal Data Protection Bill 2018 will be headed by an appointed Chairman, who will be nominated by the Federal Government. The Commissioners nominated including the Chairman will hold office for four years from the date on which they assume office and shall not be eligible for re-appointment and will overlook the implementation of the bill by all Tech companies in the future.