India's New Data Protection Bill, All You Need To Know

Digital Personal Data Protection Act, 2022. Here's how the Indian Govt is dealing with companies that never care about their data breaches

As a cyber security expert, I was concerned about the Data Protection Bill of India, and finally, the Ministry of Electronics and Information Technology has moved a step ahead.

In this post, we will discuss how the bill is effectively helpful for individuals and how much pressure it may create for the IT industry in India.

Of course, I am not an expert on digital laws, but as an ethical hacker, I have spent my time on European bug bounty platforms and in the underground hacker marketplaces. I also have good knowledge of the countries that deal with data protection.

Previously, many IT laws appeared with a bang and were withdrawn silently; however, this bill is heavily inspired by the EU GDPR. Still, it is not enough. It has a lot left to implement.

Data Protection Bill

Digital Personal Data Protection Act, 2022.

We are not going to explain each and every line of the Act, only give a quick overview. If you want to explore, you can refer to


  • The Government of India will set up a separate board for data protection, called the "Data Protection Board of India", to hold accountable those who do not follow the Act.
  • Personal data can be processed for lawful purposes only. That means a data firm may collect data and process it as long as it doesn't go against the law.
  • Before asking for personal data, companies must tell users why they are collecting it.
  • The Data Processors (companies) must take strict security safeguards to prevent data breaches.
  • Companies should ensure they have a Data Protection Officer responsible for answering questions about data protection.
  • In case of a data breach, the companies (Data Processors, every Data Fiduciary) have to report to the Board.
  • Companies should remove the personal data of their users if it is no longer necessary for their business purposes.
  • When processing a child's data, companies should ensure they have obtained parental consent and ensure there will be no harm or targeted advertising.
  • The transfer of personal data outside India has limitations. Still, it has exceptions for claiming legal rights, processing by the court, or in the interest of detection, prevention, investigation etc., by the Government.
  • There will be heavy penalties if any company or business doesn't follow this Data Protection Act.

Since this is a quick overview, there are many other terms and conditions that we did not mention, as our aim is only to give an overview of the Act.

My Views

As we know, there are over 76 crores (760 million) active internet users in India, and over the coming years, this is expected to reach 120 crores (1.2 billion). The Govt is taking a good step to protect citizens' personal data. Some people don't even know how their data is sold, marketed, or used for fraud.

If we look at the broader side of the Internet, there are many underground marketplaces for hackers, where they buy and sell people's personal data by hacking into companies. And of course, Indian company data is being published for free, as no one cares for Indian companies, and they don't have enough budget for a ransomware attack nor to protect their infrastructure. India's Data Protection act is relatively weak before

European nations have strict data protection rules. We have seen how the internet was banged when the GDPR rules were introduced. There are strict rules regarding privacy, and companies have to pay heavy penalties if they get breached, whereas in India, the companies bravely deny the data breaches.

In European countries, companies take cyber security seriously to protect their infrastructure and even encourage white hat hackers to hack into their applications and reward them for their findings, whereas in India, the reported bugs take years to patch or are never fixed.

There are many things that the Indian Government should look into. For example, when registering a new domain name, European companies hide the Whois info and protect the owner's privacy. In India, we have to pay extra fees to protect our privacy.

However, there are many factors to discuss, compare and make it much better. Some of my views sound like satire. For some, it might be interesting.

Let me know your thoughts in the comments section.

Hi, I'm Basudev
A Professional Blogger & Hacker Interested in Infosec, Web Development, Programming
