The data protection bill is in the anvil. As per press reports it is likely to get passed by the parliament in this monsoon session. As already mentioned in my earlier note, provisions of the proposed bill will not apply uniformly to all classes of Data Fiduciaries, and the power to designate them will rest with the Central Government. The purpose of this note is to discuss the likely provisions (mentioned in Section 17, Subsection 3, Page 12) of the bill that might not be applicable to some Data Fiduciaries and the implications of this circumvention on the common man.
Processing Without Notice [Section 5, Page 4]
Such designated Data Fiduciaries (agency processing data) will not be required to give any notice to Data Principal (the user) for processing his/her data. Normally this notice informs the user – a) of the purpose for which his/her personal data is processed; b) about his/her rights of withdrawing such request; c) about his/her rights of registering a grievance and seek remedies for any breach any of his/her rights empowered by the act.