top of page
The Legal Journal On Technology

Comparative Analysis of Data Protection Laws between India and United Kingdom

This Article is written by Priyadarshini Goenka, A first year student at National Law University, Odisha




INTRODUCTION

The Indian Government- through its legislation of the DPB (Personal Data Protection Bill) has helped in various processes that involve the collection, processing, storage, usage, transfer, and disclosure of various personal data of its individuals. The above bill has proved to be an important development for managers existing globally despite its regional nature and has several features that require companies to make specific changes in their respective business models, practices, and principles.[1]

U.K.LAW- Accordingly, the GDPR came into full effect as on 25th May 2018 wherein all the countries of Europe were ensured with the ability to introduce changes as per their needs. Within the UK in particular, this flexibility helped in the creation of DPA 2018 that helped replace the previous DPA of 1998 that provided both protection and privacy of data to its people. The above-discussed act requires all such persons and organizations to register with their respective information commissioner who is appointed for the purpose to oversee the same and can put restrictions on the collection of data.

DATA PROTECTION LAWS- THE OVERALL GUIDE TO GDPR COMPLIANCE IN THE UK

It was the day of May 25th, 2018 after years of preparation that finally came to a halt, especially across Europe’s planned data setup that protection reforms were enforced. The overall concept of GDPR had been mutually agreed upon and was applicable for around two years with some that were long back drafted in the 1990s and had modernized the laws that aim to protect an individual’s data-related information. Such a new regulation induced drastic changes but did help build on previous data protection principles that led to many people in the world focusing hugely on the same importance including UK’s information commissioner Elizabeth Denham to liken GDPR’s evolution.

DATA PROTECTION ACT 2018

It’s the United Kingdom’s Act of Parliament that brings up-to-date data protection laws and is viewed as a national law that enhances the EU’s GDPR thereby substituting the previous DPA 1998. It has seven components and introduces new offenses. Essentially it enforced the EU enforcement Directive and created a framework like the GDPR for the processing of information that was outside its scope like immigration and intelligence service processing, and processing of private information control in unstructured kind by public authorities. The implementation by the Information Commissioner’s Office is maintained by a data protection charge on UK’s data controllers that operate under the Data Protection (Charges and Information) Regulation 2018 wherein exemptions from charges were left similar to the previous one.

ADDITIONS

The current DPA 2018 is an advanced modification of its initial DPA 1998 that had incorporated the significance of organizations being responsible at the same while being answerable with the information thereby refining their confidentiality. The later revision works in tandem with the GDPR which 1998 didn’t function as. The review permitted the lawmakers to make an addition in the ability to erase any data that its individuals chose to and is based on the premise of privacy rights. The version of 2018 allowed people to have a clear understanding of its proposed exemptions which had been uncertain in the 1998 version[2].

DATA PROTECTION LAW AFTER 31 DECEMBER 2020: DOES THE GDPR APPLY TO THE UK AFTER BREXIT?

The answer is negative, the proposed GDPR doesn’t apply in the UK from the time the Brexit transition ended on 31 December 2020. Though the Uk’s DPA that came out on 1st January 2021, the DPPEC (Data Protection, Privacy and Electronic Communications (Amendments, etc.) (EU exit)) Regulations 2019 amended the DPA 2-18 thereby merging the same with the requirements put forth by EU GDPR to form a new, UK specific data protection regime that is commonly identified to as ‘the UK GDPR’.

HOW INDIA PLANS TO PROTECT CONSUMER DATA THEREBY ENSURING ITS DATA PROTECTION

In the year 2017, the SC ruled the right to privacy as a constitutional right where each individual leaves a noticeable trail of private data while it navigates into the digitalized world. DPB seeks to protect and safeguard our rights thereby controlling the right data wherein new regulation would affect the cost-benefit of the digital firms which most often get devoid of money but focus on generating profits from the sale and exploitation of its customer’s data. Taking further account of the backlash that had established the new Privacy Policy Terms was expected to come into force from 15th May of this month.

NATIONAL LEGISLATION

Our Country has not been part of any convention that deals with data protection which is equivalent to neither the GDPR nor DPD. Despite its engagement at these conventions it has adopted or acts as a party to other international declarations and conventions that include UDHR and the ICCPR that identifies our privacy rights. India hasn’t yet brought forward any particular legislation but did move on to amend the IT Act, 2000 that consists of Sections 43A and Section 72A that takes into consideration the right to compensation for improper disclosure of our personal information. We have also brought forward a biometric-based unique identification number known as ‘Aadhaar’ that is regulated by the Aadhaar (targeted delivery of Financial and Other Subsidies Act) 2016 (“Aadhaar Act”).

RELEVANT LEGISLATION AND COMPETENT AUTHORITIES

At present, India is lacking both comprehensive and dedicated data protection legislation. Few provisions of the IT Act, 2000 that went on to amend the desired provisions from time to time such as the (“IT Act”) and IT ((Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules) which were framed with the view to protect all our personal information (“PI”) and sensitive data and information (“SPDI”). A few days back our Government had brought the PDA Bill in front of the Parliament which is still pending consideration before a Joint Parliamentary Committee to see the light of the day. Even though the above bill hasn’t yet been enacted but it is envisaged that it will soon bring about a positive insight.

CONCLUSION

The DPA 2018 takes into the care of all such provisions that help control our personal information which is often used by different organizations, government, or even for business purposes. Under the proposed bill each one of us is made responsible for using such relevant data and is made to abide by certain strict rules regarded as ‘ data protection principles. In specific, it deals with information that should be ensured fairly, lawfully, and transparently, used only for specified and explicit purposes, used in a way wherein information seems adequate and relevant to its necessary content, the data that is no longer needed should be discarded and such data is to be used appropriately thereby ensuring protection against its unlawful usage. It deals with stronger legal protection for especially sensitive information that includes several factors like ethnicity, race, political views, religious beliefs, genetics, health, sexual orientation, etc.

OUR SET OF RIGHTS

Under the proposed act of 2018 one is expected to find the relevant information that is taken care of by the government and other organizations such as the right to be informed how my data is being used, easy access of my data, up-gradation of incorrect data, erase unnecessary data, the stoppage or restriction of the data being processed, etc. Further, we have rights when any specific organization is using my data like the automated decision-making process that doesn’t involve human interaction as well as the profiling which helps to predict our behaviors or interests[3].

AN OVERVIEW OF DATA PROTECTION REGIMES

The recent advent of proposed WhatsApp’s updated privacy policy has brought into our view all the legal loopholes that the Indian DPA deals with. The immediate need is a revised and updated change in all those laws that helps prevent the possible infringement that takes place with our WhatsApp’s new privacy policy.

PDA BILL- INDIA’S PRESENT STATUS OF THE LEGISLATION AND DATA REGULATION REGIME

It’s been a year already that our Government had introduced the Personal Data Protection Bill 2019 in Parliament, Despite its introduction, there is an existing confusion to the actual enactment and implementation of the proposed legislations’ final version. There haven’t been any new updates as the law is still stuck in the parliamentary proceedings and its formalities are in the care of the final stage of parliamentary review that is looked upon by a separate Joint Parliamentary Committee. In an attempt to complicate things even more, various parallel initiatives aim at data regulation by various Governments. Departments have increasingly created a rather possibility of growing into an arena of conflicting regulatory initiatives rather than promoting innovation and facilitating new business. Recently, on 16th December 2020, the Ministry of Electronics and Information Technology (“MEITY”) that comprised a Committee of Experts on Non-Personal Data (“NPD”) that had released its report wherein it recommending the introduction of legislation governing NPD. In December 2020, a member of the Joint Parliamentary Committee that represents the government went on record to claim that the Personal Data Protection Bill wouldn’t be enforced in the current form.[4]

[1] Vijay Govindaranjan, Anup Srivastava and Luminita Enache, How India Plans to Protect Consumer Data, Harvard Business Review, (Dec. 18 2019), https://hbr.org/2019/12/how-india-plans-to-protect-consumer-data.. [2] Data Protection Act 2018, Wikipedia, ( April 8 2021), https://en.wikipedia.org/wiki/Data_Protection_Act_2018. [3] Data Protection, GOV.UK, https://www.gov.uk/data-protection#:~:text=The%20Data%20Protection%20Act%202018%20is%20the%20UK's%20implementation%20of,used%20fairly%2C%20lawfully%20and%20transparently. [4] Salma Waris, Personal Data Protection Bill-Status Of The Legislation And Data Regulation Regime In India, TechLegis, (January 26 2021), https://www.mondaq.com/india/data-protection/1022956/personal-data-protection-bill-status-of-the-legislation-and-data-regulation-regime-in-india

94 views0 comments

Recent Posts

See All

Cross-Border Data Transfers in DPDP Act

By Uddhav Gupta (2nd Year MNLU , Nagpur) The DPDP Act  establishes a framework which safeguards digital personal data in India. It...

Comments


bottom of page