What is Data protection authority (DPA)?
-
The Personal Data Protection Bill recommends setting up of a statutory regulatory authority (SRA) called Data protection authority.
-
It is empowered to take steps to protect the interests of individuals, prevent the misuse of personal data, and ensure compliance with the Bill.
-
Given that data is an integral part of our lives now, probably every Indian and every commercial activity would be in the DPA’s ambit.
What are the powers given to DPA?
-
Legislative Powers:
-
DPA can draft regulations to carry out the provisions of the Bill. These will have force of law.
-
This means that most of the obligation and rights related to data protection will be based on these regulations and not on the parliamentary law.
-
-
Executive Power:
-
It has the power and the duty to promote good data protection practices and also facilitate their compliance
-
Bill give wide powers to DPA.
-
-
Judicial or quasi-judicial Powers:
-
DPA will have the powers of a civil court to call for information, as well as conduct inquiries on data fiduciaries.
-
It can under extreme cases even deny the right of any entity to carry out the business of a data fiduciary.
-
This can violate the Fundamental Right to do commerce through internet (Article 19).
-
It can impose penalties for non-compliance.
-
What are the apprehensions regarding its powers?
-
It is empowered to legislate, implement the legislation(executive function), as well as adjudicate on disputes on the very legislation that it writes and enforces. Thus it compromises the separation of power (part of basic structure of constitution).
-
The Supreme Court (in 2004) stated, in the context of the SEBI Act, that ‘Integration of powers by vesting legislative, executive & judicial powers in the same body, in future, may raise several public law concerns’.