Welcome to Drishti Judiciary - Powered by Drishti IAS
         









Home / Current Affairs

Miscellaneous

Debate Over Definition of Child in Data Protection Bill 2022

    «    »
 17-Jul-2023

Why in News?

  • The Data Protection Bill, 2022 could empower the Centre to lower the age of consent for accessing Internet services without parental oversight to below 18.
  • The change is in line with data protection regulations in the European Union and the United States.

Background

  • The government introduced the Personal Data Protection Bill, 2019 in the Lok Sabha in 2019.
  • However, the bill was withdrawn in August 2022 citing the inadequacy of the provisions in meeting global standards regarding data privacy.
  • The Data Protection Bill has been introduced 3 months (in November) after the withdrawal of the Personal Data Protection Bill, 2019.
  • The proposed bill would provide predictability of law and enable the companies to align their policies in consonance with the proposed legislation.
  • The Union Cabinet approved the draft data protection bill on 5th July 2023.
  • The approval paved the way for its introduction in the Monsoon session of Parliament.
  • If passed, the law will become India’s core data governance framework, six years after the Supreme Court declared privacy as a fundamental right in matter of Justice K. S. Puttaswamy v. Union of India (2018).

Changing Definition of a Child

  • Justice BN Srikrishna Committee Report, 2017

The Report relied on the definition of majority under the Indian Contract Act, 1872 and recommended that for individuals under 18 years of age, entities seek parental consent.

  • Personal Data Protection Bill, 2019

This Bill defined a child as an individual under the age of 18 years.

  • Joint Committee of Parliament, 2019

It proposed that the definition of children should be restricted to 13/14/16 years of age.

  • Digital Personal Data Protection Bill, 2022

Under this, children were defined as those under 18 years of age.

  • Final Change (Data Protection Bill 2022)

Under the Bill that received the cabinet’s nod earlier this month, the definition of a child is understood to have been changed to an “individual who has not completed the age of 18 years or such lower age as the Central Government may notify”.

Legal Provisions

Data Protection Bill, 2022

  • The Bill is a key pillar of an overarching framework of technology regulations the Centre is building which also includes the Digital India Bill — the proposed successor to the Information Technology Act, 2000; Indian Telecommunication Bill, 2022; and a policy for non-personal data governance.
  • Data Protection Board: The new bill seeks to establish a Data Protection Board (DPB) with the purpose of adjudicating on the matter of data protection.
  • Data Protection Officers: It also seeks to establish Data Protection Officers or independent data auditors by companies of large size with the objective of verifying the compliance of the law by the institutions concerned.
  • Data Principals:
    • The data principals were given additional rights with respect to their personal data.
    • The data principals can ask the companies concerned to erase or delete their data.
    • Data Principal means the individual to whom the personal data relates and where such individual is a child it includes the parents or lawful guardian of such a child.
  • Obligation on Companies: This bill laid an additional layer of obligation or duty on the companies with respect to data and the companies will not be obligated to keep user data that no longer serves a business purpose.
  • Security:
    • The new data protection law came out with the intention to provide an additional layer of security for the personal data of the citizens.
    • Companies should not process personal data that could harm minors (children under 18 years of age).
  • Cross-Border Data Flow: The new bill also relaxes the norms related to cross-border data flow as this was a matter of concern for big tech companies.
  • Provisions for Breach:
    • The bill also enumerates the conditions under which proposed legislation can be breached by the government agencies in case of exigencies like:
      • Sovereignty and integrity of India
      • Security of the state
      • Friendly relations with foreign states
      • Maintenance of public order or preventing incitement to any cognizable offence.
  • For the benefit of end users, a sort of deterrent has been provided for data leakages by imposing high penalties in case of a breach.
  • Right of Data Portability not included:
    • The right to data portability that was provided in the previous version has been done away with.
    • Right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
  • Consent:
    • The ‘deemed consent’ has been introduced to cover non-consent-based grounds for processing data.
    • There is also a provision of consent for data sharing and only when the permission is given by the end user, the data can be written.
  • Recognition of ADR: There is recognition of alternate dispute resolution processes like arbitration.
  • Hardware certification and algorithmic accountability are also eliminated in the new proposal, and it also eases compliance requirements for start-ups.

Justice K. S. Puttaswamy v. Union of India (2018)

In this case, a nine-judge bench of the Supreme Court unanimously held that Indians have a constitutionally protected fundamental right to privacy that is an intrinsic part of life and liberty under Article 21.