NS Nappinai, an advocate of cyber law on Tuesday said that the current draft of Personal Data Protection Bill is tougher than the 2018 draft.
The draft Personal Data Protection Bill, 2019, which is likely to be introduced in the Lok Sabha in the next couple of days, bars storing and processing of personal data by entities without the explicit consent of an individual.
Nappinai said, "The move from the autonomy of individuals to privacy and recognition explicitly which is already there from the old draft of privacy as a fundamental right. I feel it is a much stronger position rather than merely talking about the autonomy of individuals."
She further added, "There is a lot of change in terms of the data localisation provisions. One, there is no data localisation limitation for personal data. With respect to sensitive personal data as well as critical data where there was an absolute restriction with respect to critical data saying it cannot be transferred at all outside India."
"There is sufficient leeway for transfer of both sensitive personal data as well as critical data. I feel the real issue here is that when we come to critical data, the provision seems to be much more loosely worded than for sensitive personal data. That is surprising as I would believe that critical data is a much tighter and a smaller category of sensitive personal data," she said.
"The difference is for sensitive personal data as they say it will apply to the processing and storing, whereas for critical data, it is only referring to processing and not to storing. The issue that may arise then is that people may claim that the limitation is only with respect to processing and not for storing which will then defeat the very purpose of creating a separate category of critical data. I believe this is one provision which should definitely be relooked and relooked very closely," she added.