The need for sector-specific safeguards in ‘techade’ – The Digital Personal Data Protection (DPDP) Bill 2022 | 29th March 2023 | UPSC Daily Editorial Analysis

March, 2023 UPSC
Please Share with maximum friends to support the Initiative.





What's the article about?

  • It talks about the approaches adopted in the recent the Digital Personal Data Protection (DPDP) Bill 2022

Relevance:

  • GS2: Government Policies and Interventions for Development in various sectors and Issues arising out of their Design and Implementation;
  • Prelims

Context:

  • India’s digital economy is set to reach a whopping $1 trillion by 2026. People are going digital rapidly for everything — from shopping and socialising to education and government services.
  • But, as we embrace convenience, we are also generating massive amounts of personal data. Understanding how this data is handled and protected is fast becoming critical.
  • Data protection and privacy are highly dependent on context, including the type of data collected, how it is collected, the intended use and the associated risks.
  • Due to these complexities involved in the data, there are two approaches that are followed in data protection and regulations legislation across the world:
    • Comprehensive approach: In this approach a single set of general rules are made which are applicable to all sectors.
    • Sectoral approach: In this approach sector specific exclusive provisions are made in the legislation.
  • A good data protection and privacy law is one that integrates both of these approaches together. In this article, the writer analyses the approach adopted by this draft bill.

Analysis:

  • The ambiguous language of the draft bill:
    • The current draft of the Bill tries to tackle the issue of conflicting sectoral regulations; in Section 29, it states that the provisions of the Bill will complement and not create exemptions from existing regulations, but in case of conflict, the Bill will take precedence.
    • The first part allows the Bill to fill in any regulatory gaps, but the second part raises concerns about sectoral regulations that may go beyond what the Bill provides.
  • On Sectoral approach:
    • Sectoral expertise offers a deep understanding of a particular sector, including its market dynamics, technologies, risks and business models.
    • It also enables regulators to engage with stakeholders and industry experts in a well-informed and productive manner.
  • Global Practices: The global community has adopted two major approaches to regulate privacy and protect data: comprehensive legislation and sector-specific regulations.
    • European Union’s General Data Protection Regulation (GDPR):
      • It embodies the comprehensive approach, offering the strongest and most stringent framework to date.
      • Despite being a comprehensive framework, it has specific provisions for certain industries such as health care (Article 9).
      • Additionally, GDPR also permits EU Member States to implement measures which go beyond the provisions given in the GDPR. For example, Germany also has Bundesdatenschutzgesetz (BDSG), which in some cases, has stricter provisions compared to the GDPR.
      • The European Data Protection Board (EDPB), made up of representatives from each EU member state’s data protection authority, provides guidance on the implementation and interpretation of the GDPR, including sector-specific issues.
    • American sectoral approach:
      • America follows sectoral approach only. This approach to data protection has been deemed flawed for various reasons, including inconsistent protection, problems in enforcement, overlapping and contradictory provisions, and a lack of federal regulation leaving certain sectors unprotected.
      • This creates confusion and coverage gaps for businesses, and there is no centralised authority to enforce data protection laws, leading to a lack of standardisation. Calls for a federal framework have become increasingly common, even in the United States.
  • India’s present status wrt sectoral approach:
    • In India, for example, we already have sectoral regulations regarding data protection such as the Reserve Bank of India’s directive on storage of payment data and the National Health Authority’s Health Data Management Policy.
    • These are the result of extensive industry consultations and expert input. Neglecting these regulations and establishing a new framework would undermine the considerable effort invested in their creation.
    • Any deviation from existing regulations will further require the industry to readjust their operations again at considerable cost.
    • The DPDP Bill, therefore, must serve as the minimum layer of protection, with sectoral regulators having the ability to build on these protections.
    • This framework will be especially useful in India where not all regulators may have the same capacity.

Way Forward:

  • Data protection is a complex subject and we must create room for sectoral experts to weigh in to safeguard the interests of citizens more effectively. This will ensure a safer, more secure, and dynamic digital landscape in the years to come.
  • Therefore, the current draft of the Bill, while a major step towards ensuring the protection of citizens’ personal data, needs greater clarity and specificity regarding the interaction with sectoral regulations; we need to draw from our experience to find the right balance.



Please Share with maximum friends to support the Initiative.

You might also be interested in:

Download the Samajho App

Join 5 lakh+ students in downloading PDF Notes for 2000+ Topics relevant for UPSC Civil Services Exam. &nbsp Samajho Android App: https://bit.ly/3H9hva1 Samajho iOS App: https://apple.co/3H8ZJE2 &nbsp Samajho IAS Youtube Channel (300K+ Subscribers): https://www.youtube.com/@SamajhoIAS