The revised version of the Data Protection Bill continues to not be “citizen friendly,” as per civil society activists. The revised version of the Data Protection Bill, which is doing the rounds amongst industry stakeholders, is continuing to provide exemptions to companies with regards to collecting citizen data. Experts believe that the sharing and selling of citizen data by start-ups, small enterprises etc will continue on, even after the ratification of the bill.
The reworked version of the Data Protection Bill has been approved by the Cabinet and is likely to give start-ups some exemption from key provisions of the bill. This watered down privacy framework, which is likely to pass this Monsoon Session could mean that the business of use and abuse of citizen data is likely going to continue the same as before.
Privacy activist and internet researcher, Srinivas Kodali said, , “The updated version of the bill does not address critical issues of data collection by the government and continues to provide exemption to companies with deemed consent. The bill is inadequate to protect the fundamental right to privacy of Indians.”
‘Not citizen friendly’
Kodali also added that just like the previous versions of the bill, it continues to be business friendly and not citizen friendly.
There are areas in the bill where it has been ratified that businesses can assume that the citizen has given consent to process their data, without providing the citizens with an explicit request or “deemed consent.” Deemed consent is for the specified purposes for which the data principal has voluntarily provided her personal data to the data fiduciary, and in respect of which she has not indicated to the data fiduciary that she does not consent to the use of her personal data.
Limiting key provisions
Experts also worry that the provisions of the prospective bill may not universally apply to all data fiduciaries. “The bill empowers the Central government to limit the key provisions of the bill to only a few selected big data fiduciaries,” the expert said.
The new version of the bill which is not very different from the recent drafts of the data protection bill, is bogged by the same concerns related to citizen privacy as its previous versions.
Even with this bill, it is going to be business as usual for Indian citizens, who will continue to field spam calls, telemarketers and data breaches on their private data being circulated without their consent. “Your data will be shared, sold, used and abused, only if there is a breach the government will act,” said Kodali.