wordpress blog stats
Connect with us

Hi, what are you looking for?

“Deemed Consent” May Shape Personal Data Processing in New Draft Data Protection Law: Report

HT reported that the latest Data Protection Bill may contain a “deemed consent” clause to provide consent for data use beyond its initial purpose

The much-awaited draft data protection bill may contain a clause on “deemed consent” for processing personal data, Hindustan Times reports. This means consenting to voluntarily provide data that may be used for purposes other than what it was initially collected for.

2019’s iteration of the draft law stated that personal data can be processed for “the purpose consented to by the data principal or which is incidental to said purpose”. However, the upcoming draft may instead allow data access and processing for a “lawful purposes” or “incidental lawful purpose in a privacy preserving manner”.

This understanding of consent is visible across sections of the draft describing conditions for personal data processing. In particular, Section 8 of the draft may cover the concept in the upcoming draft, adds the report.


FREE READ of the day by MediaNama: Click here to sign-up for our free-read of the day newsletter delivered daily before 9 AM in your inbox.


Why it matters: Such a provision may hamper the limited and purpose-driven use of data collected by data processors and controllers in India. “It would give free rein to one and all to collect data through the Hobson’s Choice of ‘take it or leave it’ and militates against the letter and spirit of Puttaswamy’s privacy judgment,” said N.S. Nappinai, Supreme Court lawyer, in conversation with Hindustan Times.

India’s data protection law has been in the making for over four years. The government withdrew the latest draft—the Data Protection Bill, 2021—in August this year, to pave the way for a modern data protection law that provides an ‘accessible, inclusive, and equitable structure’ for data protection and sharing. Going by the many hints dropped by the Ministry of Electronics and Information Technology (MeitY), the draft for this law is expected to be released this week.

Advertisement. Scroll to continue reading.

What does “deemed consent” look like in practice?

Hindustan Times illustrates with three examples, which appear to be laid out in the draft law:

  • Suppose a data principal provides a restaurant with their name and mobile for a reservation. In this case, the data principal will be deemed to have consented data sharing and processing “for the performance of any function of the state under any law including a provision by the state or any instrumentality of the state of any service or benefit of the data principal, issuance of any certificate, license or permit for any action or activity of the data principal”.
  • Suppose a data principal shares their name, phone number, and bank account number with the government for “direct credit for an agriculture scheme, the user will also be deemed to have shared the data for purposes that can include credit of fertilizer subsidy, compliance with a judgment or order issued under any law, responding to a medical emergency and for taking measures to provide medical service”.
  • Suppose a data principal shares their biometric data with an employer, they have also be deemed to have consented to data sharing “in public interest for prevention and detection of fraud, whistle blowing, network and information security, credit scoring, operation of search engines for processing of publicly available data, and recovery of debt”.

How may the draft approach data segmentation?

Previous drafts of the data protection law categorised data into personal, sensitive, and critical data—where sensitive and critical data enjoyed heightened protections. The upcoming draft does away with the categorisation, said sources aware of the matter speaking to Hindustan Times. The law may instead only refer to the umbrella term “digital personal data”. A recent tweet by Rajeev Chandrasekhar, Minister of State for Electronics and Information Technology, also dubbed the bill as the “Digital Data Protection Bill”.

However, Hindustan Times flags that the draft’s section on cross-border transfers of personal data mentions that “sensitive personal data” needs to be stored in India. The draft does not explain what the classification means, adds the report. Notably, Chandrasekhar had recently said that data localisation norms restricting cross-border data flows may be relaxed in the law.


This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.

Read More

Written By

Free Reads

News

The case dates back to 2019 when Spotify filed a complaint against Apple's anti-steering rules which prevented apps like Spotify from informing their users...

News

DIP contains information regarding cases detected as misuse of telecom resources and acts as a back-end repository of all requests received on the Sanchar...

News

Meta's transparency report reveals a sharp rise in GAC orders from India in January 2024, exceeding the overall monthly GAC orders sent in the...

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

NPCI CEO Dilip Asbe recently said that what is not written in regulations is a no-go for fintech entities. But following this advice could...

News

Notably, Indus Appstore will allow app developers to use third-party billing systems for in-app billing without having to pay any commission to Indus, a...

News

The existing commission-based model, which companies like Uber and Ola have used for a long time and still stick to, has received criticism from...

News

Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...

News

Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ