 "Data protection bill widens the scope of 'deemed consent' for govt schemes")
The proposed Data Protection Bill may make processing an individual’s personal data shared for a specific programme as deemed consent for all government schemes. This is part of the draft Bill seen by Business Standard.
In other words, agreeing to share the personal data for a specific government benefit programme implies that the individual has given deemed consent for the use of the data in determining eligibility for other schemes.
This is an addition to the ‘deemed consent’ aspect of the Bill, which has been a contentious issue during consultations. The ‘deemed consent’ provision was not part of the last draft of the Digital Personal Data Protection Bill, 2022.
Such a provision, if included in the Bill, will have serious repercussions, particularly concerning security and privacy, legal experts and specialists said. The experts, who did not wish to be identified as the Bill is yet to be tabled in Parliament, said the logical approach was to have consent of the individual every time the data is used.
“If this does happen, this will nullify some of the potential benefits the Data Protection Bill intends to bring. It does not matter if it’s restricted to government schemes or to private companies,” said a senior legal expert.
Salman Waris, managing partner at law firm TechLegis, said the deemed consent aspect in the Bill had always been a contentious issue. “Technically, it is assumed that one gives consent for a specific purpose. It cannot be taken for one case and then applied to other schemes. This raises two concerns — security and privacy,” he added.
Recent data breaches have been of government websites such as AIIMs, CoWin.
More From This Section
“The other concern is privacy, which is what the Bill is all about. One of the biggest concerns is who processes the data. Now with ‘deemed consent’, my data is shared for all applicable government schemes. In such a scenario, what happens to my privacy is a question,” said Waris.
The updated draft may also empower the government to lower the age of consent from 18. The draft also exempts certain companies or data fiduciaries from additional obligations to protect children’s privacy if they process their data in securely.