THE GIST of Editorial for UPSC Exams : 07 February 2020 (For a data firewall: On need for a data protection law (The Hindu))

For a data firewall: On need for a data protection law (The Hindu)

Mains Paper 2: Polity
Prelims level: B.N. Srikrishna committee
Mains level: Requirement of data protection law

Context:

  • According to German cyber security firm that medical details of millions of Indian patients were leaked and are freely available on the Internet.
  • The firm listed 1.02 million studies of Indian patients and 121 million medical images, including CT Scans, MRIs and even photos of the patients, as being available.

Key implications:

  • Such information has the potential to be mined for deeper data analysis and for creating profiles that could be used for social engineering, phishing and online identity theft, among other practices that thrive on the availability of such data on the Darknet.
  • It restricted computer networks which exchange information using means such as peer-to-peer file sharing.
  • The reason for the availability of this data is the absence of any security in the Picture Archiving and Communications Systems (PACS) servers used by medical professionals and which seem to have been connected to the public Internet without protection.
  • Public data leaks have been quite common in India — from government websites enabling the download of Aadhaar numbers to electoral data rolls being downloaded in bulk, among others.

Need regulation:

  • Unlike the data protection regulations in place in the European Union and in the U.S., India still lacks a comprehensive legal framework to protect data privacy.
  • The Draft Personal Data Protection Bill 2019 is still to be tabled but could enable protection of privacy.
  • The draft Bill follows up on the provisions submitted by a committee of experts chaired by Justice B.N. Srikrishna to the Ministry of Electronics and Information Technology in 2018.
  • The committee sought to codify the relationship between individuals and firms/state institutions as one between “data principals” (whose information is collected) and “data fiduciaries” (those processing the data) so that privacy is safeguarded by design.
  • While the 2019 version of the Bill seeks to retain the intent and many of the recommendations of the Justice Srikrishna committee, it has also diluted a few provisions.
  • The Bill tasks the fiduciary to seek the consent in a free, informed, specific, clear form (and which is capable of being withdrawn later) from the principal.
  • It has removed the proviso from the 2018 version of the Bill that said selling or transferring sensitive personal data by the fiduciary to a third party is an offence.

Way forward:

  • There are other substantive issues with the Bill pertaining to the situations when state institutions are granted exemption from seeking consent from principals to process or obtain their information.
  • Yet, considering the manner in which public data are being stored and used by both the state and private entities, a comprehensive Data Protection Act is the need of the hour.

    Online Coaching for UPSC PRE Exam

    General Studies Pre. Cum Mains Study Materials

Prelims Questions:

Q.1) With reference to the MWPS [Membrane-based Water Purification System], consider the following statements:
1. The Union Environment Ministry has published a draft notification that effectively prohibits users from installing MWPS [Membrane-based Water Purification System], mainly reverse osmosis, in their homes if the water has been sourced from a supply that meets the BIS drinking water norms.
2. Current Bureau of Indian Standards’ (BIS) regulations consider 500 mg/litre—1,200 mg/l of total dissolved solids, which consists of salts and some organic matter, as acceptable though there is no lower limit.

Which of the statements given above is/are correct?
(a) 1 only
(b) 2 only
(c) Both
(d) None

Answer: C
Mains Questions:

Q.1) What are the reasons behind the data protection law is important?