I got that feeling after reading the following :
Extract :
Crimes :
Include obtaining, transfer,
disclosure and sale of personal and sensitive data, if it
causes harm to the person whose data it is (data principal), and
re-identification and processing of previously de-identified personal data.
[ How a citizen will ever get
to know that someone to whom he gave personal data , has caused him harm ,
through misuse of data ?
How must this aggrieved
citizen go about to “ prove “ that a “ harm “ has been caused to him by
such misuse ? Would he even remember
to whom did he give what personal data – and for what legitimate
“ use “ ?
By filing court cases against
200 search engines / mobile apps / e-com sites / govt agencies ? ]
Punishment :
For “ intentional
or reckless behaviour ” that leads to the crimes, which it wants to be made cognisable
and non-bailable.
In case the crime has been
committed by a company or body corporate, including government departments, the
responsibility would lie with the person in charge of conducting the company’s
business or the head of a government department.
[ If such a “ transfer / sale /
disclosure “ of personal data cannot be proved to have caused “ harm “, will that
behaviour not be “ intentional or reckless “
? ]
Compensation :
To be paid to “ data principals “ in case any harm is caused to them
for infringement.
[ Who decides
what was the “ quantum “ of harm
and what is the commensurate “ quantum “ of compensation ? Won’t this differ from one case to
another ? ]
Absolves :
The in-charge of all
responsibility if he or she shows that the crime was committed
without his/her knowledge or that all reasonable efforts had been taken to
prevent the crime from being committed.
[ All data flows from one computer to another computer or even
to some other
internet-connected device , such as a car /
refrigerator / smart watch / TV etc .
Most of the time such transfers are happening round the clock, with no
one watching /
no one knowing / no one asking for any
permission from anyone !
According to one expert , by 2022 , there will be 50 internet connected devices in each
home ( IoT – Internet of
Things ) – each sending out a lot of your personal /
private
data, to their respective manufacturers / ISPs / Operating Systems )
Will anyone know what device is sending out which information to whom and when ? ]
Data collected under Aadhaar :
Would be out of the scope
and purview of the proposed law.
This recommendation may
not find favour with those who have opposed the unique identification system on
the ground that the collection and dissemination of Aadhaar data leaves
citizens vulnerable.
[ What about Aadhar-linked data collected by government agencies for
hundreds of
Direct Benefit Schemes , which
it has shared with Banks and Financial Institutions ? ]
Registration
:
All
data collectors would have to get registered with the DPA.
[ Each
and every business establishment which is selling any product or service , online
(
includes all search engines / e-com sites / mobile apps ), will need to
register .
Soon that will cover 50 million MSME
of India !
Would this cover all FOREIGN
data collectors as well over which Indian Laws have no
jurisdiction ? Is
this , at all practical / feasible ? ]
========================================================
Data Ombudsman :
To
adjudicate complaints between “ data
principals “ and “ data fiduciaries “
Appeals
against orders of the data ombudsman will be made to an appellate
tribunal.
The Supreme Court will hear
appeals against orders of this appellate tribunal.
[ How many
years will it take for the complaint to travel from Ombudsman to
Appellate tribunal to Supreme Court ?
My
guess :
15 years ]
Could we have
anticipated these “ questions “ while drafting the Law ?
And found
some practical “ answers “ to those questions before
opening up the Pandora’s Box ?
Possibly ,
if the policy makers :
and the
members of SriKrishna Committee :
had
carefully read my following emails – especially my oft-repeated suggestion to
induct some
IT technocrats (eg: Nandan Nilekani / nandan.nilekani@nic.in ) in the
Committee
There is a
possibility that the Hon Judges of the Supreme Court found time to read my
emails –
in which case , they might ask these questions to the Government
advocate , when the first case
reaches its doors !
( 1 ) Privacy ? What is that ? [
04 May 2017 ]
( 2 ) Delusion of Privacy ? [ 10 June 2017 ]
( 3 ) 2024 ! – V 2.0 of Orwellian 1984 ? [ 07 July 2017 ]
( 4 ) Privacy ? Perish the Thought ! [ 18 July 2017 ]
( 5 ) #RighttoPrivacy ! Thank You Your Honours ! [ 19 July 2017 ]
( 6 ) Privacy does not live here ! [ 22 July 2017 ]
( 7 ) Future is Nearer ! [ 31 July
2017 ]
( 8 ) Three got it Right ! [ 02 Aug 2017 ]
( 9 ) My Birth-Right : Trying to Influence [ 04 Aug 2017 ]
( 10 ) https://myblogepage.blogspot.com/2017/08/wwwprivacyforsalecom.html [ 26
Aug
2017 ]
( 11 ) Right to Sell My Soul ? [ 27 Aug 2017 ]
( 12 ) A Fool’s Paradise ? [ 29 Aug
2017 ]
( 13 ) Aadhar - for HR ? [ 02 Sept 2017
]
( 14 ) Wherefore Art Thou, O Romeo ? [ 20 Sept 2017 ]
( 15 ) Data Privacy : We are getting overtaken ! [ 26 Sept 2017 ]
( 16 )
7
Pillars of Data Protection Law [ 27 Nov 2017 ]
( 17 )
Just
Ask Google ! [ 28 Nov 2017 ]
( 18 ) Here is the Proof [ 30 Nov
2017 ]
( 19 ) Data Protection without Data Privacy ? [ 08 Jan
2018 ]
( 20 ) PRIVACY : A Lost Battle [ 15 Jan 2018 ]
( 21 ) Aadhar : Supremely Satisfying ? [ 19 Jan 2018 ]
( 22 ) Aadhar Fact : Privacy Fiction ? [ 19 Jan 2018 ]
( 23 ) Aadhar : Dawn of Realism ? [ 23 Jan 2018 ]
( 24 ) Oh ! for some learned arguments ! [ 25 Jan 2018 ]
( 25 ) Aadhar : Supreme Asks : What if ? [ 30 Jan 2018 ]
( 26 ) A Hostile Advocate ? [ 07 Feb 2018 ]
( 27 ) Big Brother is watching us ! And how ! [ 09 Feb 2018 ]
( 28 ) Nightmare ? #Aadhar #Privacy #DataProtection [ 04 March 2018 ]
( 29 )
A
Drop in the Ocean ? [ 20 March 2018 ]
( 30 )
Trade
Off : Privacy vs LiveEasy ? [ 25
March 2018 ]
( 31 )
From
Tele-phony to Tele-Empathy ?
[ 27 March
2018 ]
( 32 )
Facebook
Replies [ 29
March 2018 ]
( 33 )
How
Do You Control Wind ? [ 11 April
2018 ]
( 34 ) Dear
Hon CJI , Shri Dipak Misraji [ 13 April
2018 ]
( 35 ) Parekh’s Law of #Privacy ? [ 15 April 2018 ]
( 36 ) Facebook : The Formidable [ 27
April 2018 ]
( 37 ) Everything
You Do ? [ 03 May 2018 ]