In the modern concept of a nation-state, sovereignty holds the highest virtue. Traditionally, sovereignty was defined as a state’s complete authority over its political and territorial structure. A complete sovereign state has the legitimate authority to change laws, policies, rules, regulations, management and administration of its domain. The de jure and de facto sovereign authority defines a state’s independence and power in the world. Similarly, as the digital global environment has advanced, data sovereignty has become another component that defines the authority of a state.
Therefore, it is critical for a sovereign state like India to ensure that the ultimate authority over India’s data remains within the nation.
A New Data Localisation Bill
While speaking at the launch of the Cytrain Setu, a Cyber-Security program under Mission Karamyogi, Ashwini Vaishnaw, the Minister of Communications, Electronics & Information Technology, stated that the government is working on a new legislative framework of information technology. He said that the new legislative framework on data, communication and information technology will be comprised of ‘special provisions for national security, external relations and war’.
He said, “the government intends to completely overhaul cyber laws. We will also be coming up with a new version of the data protection bill; a digital India Act is also being worked on. We are making the online world more accountable for what is published there”.
The withdrawal of the Personal Data Protection Bill, 2019
It is pertinent to know that a month earlier, the Modi government announced to withdrawal the proposed Personal Data Protection Bill, 2019. After the public deliberation of about three years, the IT Minister, Ashwini Vaishnaw in the withdrawal speech said, “Considering the report of the Joint Parliamentary Committee, a comprehensive legal framework is being worked upon. Hence, in the circumstances, it is proposed to withdraw the Personal Data Protection Bill, 2019, and present a new bill that fits into the comprehensive legal framework”.
It was stated that the Joint Parliamentary Committee on the bill has proposed 81 amendments and 12 recommendations to the comprehensive legal framework in India’s digital ecosystem. Consequently, the government intended to introduce a new data protection statute that included comprehensive data localization rules.
The Data Protection Bill aimed to ensure the data sovereignty of India
The Personal Data Protection Bill, 2019 aimed to ensure informational privacy as part of the Right to Privacy. As most of the BigTech companies store India’s data abroad, the bill required all fiduciaries to store a copy of all personal data in India.
The Personal Data Protection Bill, 2019 divided the Indian data into three distinct categories. It also mandated big-tech companies to create infrastructure for storage according to the nature of the data. The trifurcated nature of data is – Personal Data, Sensitive Personal Data, and Critical Personal Data.
Personal data are those which help in identifying individual identities like name and address. Sensitive personal data are inscribed with information related to finance, health, sexual orientation, biometrics, genetics, caste, religious belief, and others. Critical personal data has not been defined, but the data that has some impact on national security seems to be critical data.
Furthermore, the bill aimed to create the Data Protection Authority of India, which would function as an independent regulator like SEBI and TRAI. The Data Protection Authority had been mandated to prevent any misuse of personal data, ensure compliance with the provisions of the Act, and raising data protection awareness.
The Personal Data Protection Bill also sought to establish a data protection fund and an Appellate Tribunal, which would hear and dispose of the appeals from an order passed by the Authority.
Big-Tech’s Opposition to the Bill
It is critical to understand that in a new economic paradigm, individual data is sold in billions of dollars. Data privacy has effectively become a joke. Most of the Big-Tech multinational companies such as Google, Amazon, Meta, Apple, and Microsoft, are from the United States. These corporations operate globally and store the world’s data in their home country of America. Individual data is being processed by these BigTech companies in business, profession, research, education, media, development, science, and other security-related works.
Through statutory measures, the Personal Data Protection Bill, 2019, seeks to strengthen India’s data sovereignty. The mandated data localisation in the earlier bill would have completely dethroned the Big-Tech companies from data control. Consequently, they lobbied hard to amend the stringent provisions of the data localisation bill. As a result, in August of this year, the government was obliged to withdraw the law.
Now, after a month of withdrawal, Ashwini Vaishnaw is arguing to bring a more stringent comprehensive legislative framework on data protection with the Digital India Act. As time passes, the government is running late in ensuring the protection of Indian data. In this complete digital age, where the Indian economy is being driven by digital expansion, a minute of late is posing a year of loss. Government should bring the new data protection bill as soon as possible without jeopardising India’s digital sovereignty. A proactive law will not only save individual data but will also ensure India’s updated sovereign competence.
Support us to strengthen the ‘Right’ ideology of cultural nationalism by purchasing the best quality garments from TFI-STORE.COM