• Data Leaks: Penalties and Remedies

    By Zoya Verma, Step by Step School

    Noida, Uttar Pradesh | The Personal Data Protection Bill of 2019 is a necessary one now that the world is reliant on technology and there are so many websites that collect data, with or without one’s knowledge. The Rajya Sabha came together on 9th February to consider this bill, in the third session going on to talk about what would be done in the situations where data gets leaked.

    The motion for a moderated discussion on penalties and remedies in case of private data leaks was proposed by Shibu Soren, Biplab Kumar Deb going on to be the first speaker and suggesting that fines be imposed upon the perpetrators, as well as trials. These suggestions were later echoed by several other speakers. Sudhanshu Trivedi, the second speaker, advocated for compensation from the company from which the data was leaked. Digvijaya Singh called for a fine of 5-10% of the company’s annual revenue (earlier only 2-4% of annual revenue), and that there should be jailtime, varying based on the severity of the leak. Fouzia Khan established a similar point, saying that the penalty was currently inadequate and should be based on the severity of the crime, but also saying that the larger the company, the higher the penalty. After that, Shibu Soren took the floor, stating that jailtime should have a minimum of a year, followed by Ranjan Gogoi who proposed a data protection committee, something that other speakers, Ghanshyam Tiwari included, also suggested. Ranjan Gogoi also wanted repeated offences to lead to increased penalties. It was called upon to aid those most vulnerable to data scams and that users should be kept informed of what happens to their data by. The proposals that major companies should up their security after data breaches and that certain types of data should be stored anonymously, were given by Ashok Mittal. When this was questioned, Ashok Mittal clarified by giving the example of religious beliefs as something that should be anonymous. Under the circumstance of an extremely severe leak which affected over a thousand people, Rajeev Shukla called for a fine above the 4% limit (other delegates also wanted the limit to be raised or demolished) and wanted the integrity of the company leadership questioned, and if found guilty, the company was to be suspended. This was doubted by several members of the house, such as Fouzia Khan and Piyush Goyal, but Rajeev Shukla was quick to explain that the members of the company would be hinted at the suspension and provided with replacement jobs. S. Jaishankar suggested that instead of creating a new committee to handle data leaks, the fines should be taken up in court and the offenders should take up community service to compensate for the damage to society they caused, stating that money wouldn’t make up for the personal harm caused to many people.

    Most of the Rajya Sabha seemed to agree that the current penalties were unsatisfactory and provided several suggestions, the most common ones being increased fines and a committee to handle leaks.

    In the future, many of these new proposals are hoped to be implemented and included in the bill to ensure that data leaks will be correctly handled, and the criminals accurately punished.

  • Scrutinizing the multi-dimensional world of Technology

    By: Shashwati Singh, SBS Correspondent

    Step By Step School, Noida, 9th February 2023

    The delegates of the Rajya Sabha, have come together to have a dialogue of arguments about how far the Personal Data Protection Bill has come from 2019 to the bill’s, latest, fourth draft in 2022; on 9th February 2023 in Step By Step’s Tabla Room. This was only achievable, of course, under the guidance of several teachers, the Chairperson of the Rajya Sabha, and our wonderful OC members who helped make the Parliamentary discussion possible.

    These arguments were divided into 3 sessions, each consisting of a particular topic to talk about, with snack and lunch breaks in between for children to get a refreshing break. Each session started with a motion recommended by a delegate and according to a majority vote, it was selected as the way to proceed, if there was no one with a different motion to offer. Then the Chairperson decided the order of speaking, according to the people willing to speak. The first session contained talking about the opening statements of the delegates. While the second one paid attention to how the Data Protection Bill can come in handy in an emergency. Then last but certainly not least, the third session was about ‘Possible Penalties and Remedies regarding the Bill’.

    Looking at the third sitting of Rajya Sabha in detail, let’s glance at the opinions stated by the several delegates present there. The motion was offered by Shibu Soren of the Jharkhand Mukti Morcha and got a majority vote, so it was chosen as the way to advance. Going into the arguments, many speakers suggested that there be a Data Protection Authority (DPA) taken into consideration and put into action to ensure regulation of the Data Protection Bill’s rules. While several others added to the suggestion by advocating better ways to execute this plan, adding that the DPA be influenced neither by the Government nor the private entities at fault during a case in progress and at any point in time. They proposed that the committee be made of experienced data experts and ex-judges as well as exceptional lawyers. Numerous others also proposed that the fines for the companies found at fault should depend on the size of the company and how big the data loss is. Digvijaya Singh proposed that there shall be no limit depending on how big the company is but be fixed at 5% to 10% of the revenue depending on how big the impact is, and all companies, even start-ups shall come under this clause. Speakers recommended that imprisonment be necessary for individuals at fault. Rajeev Shukla suggested that in case of severe leaks by big companies, they be penalized with the suspension of the whole company and when questions were raised he answered, “The employees will not lose jobs as they will already get a hint and leave the job because if a company is taken to court, people will realize that they committed some wrongdoing and that the company will eventually shut down. Even if they don’t get a hint, then too, as the big company is suspended there will be a huge space left in revenues by it which will give other companies in the field, an area to expand, eventually making them take in more employees.”*. Piyush Goyal took a different angle looking at prevention rather than penalties, saying that we should educate people who cannot access information about data protection, as they are the most vulnerable, he also advised that as fiduciary duty, the companies must inform individuals about every processing, and other effects, happening with their data.

    In the future, many of these new proposals are hoped to be implemented and included in the bill to ensure that data leaks will be correctly handled, and the criminals accurately punished.

    On the 10th of February 2023, the Rajya Sabha looks forward to proceeding with the 4th, 5th, and 6th sessions tomorrow with the same schedule and venues which will be followed by the closing ceremony starting from 1:30 p.m. at the Studio Theatre.

    * = These are not the exact words but exactly what was conveyed during the discussion with no filter added whatsoever.