Transfer of personal data under the UN treaty will be under domestic laws: India
Context
India has suggested that the transfer of “personal data” under the convention will be done in line with the country’s internal laws and not other applicable international laws at the international forum where United Nations member states are negotiating a pact to combat cybercrimes.
What is the Budapest Convention on Cybercrime?
- Since May 2021, the UN has been debating a global treaty on cybercrime. It would be the first legally binding UN document on a cyber issue if it were approved by the UN General Assembly. The treaty seeks to allow for the investigation and prosecution of cybercrime as well as harmonize domestic criminal law aspects of cybercrime.
- The Budapest Convention on Cybercrime is another name for the agreement. In November 2001, it was made available for signature in Budapest. The agreement addresses offences perpetrated through computer networks, such as:
- copyright violation
- fraud involving computers
- child Pornography
- Deficiencies in network security
- According to the treaty, each party must implement legislation and other measures to make unlawful deliberate access to all or a portion of a computer system a crime under domestic law.
- Denmark, the Dominican Republic, Estonia, and Finland are a few nations that have accepted the agreement.
Domestic Laws vs. International Laws:
- India has urged that the proposed cybercrime agreement should conform to the domestic laws of the country rather than other relevant international laws. India’s aim to maintain control over the handling and cross-border transmission of personal data is highlighted by this stance.
Impact of the Digital Personal Data Protection Act
- The Digital Personal Data Protection Act of India, passed by Parliament in August, significantly influences the country’s position. The Act permits the processing of personal data to meet legal duties as well as protect India’s sovereignty, integrity, and security. This demonstrates how India prioritizes national security issues when it comes to data privacy.
Data Disclosure Requirements:
The Act requires businesses to inform users of the names of any other businesses that will be handling their data. It further emphasizes the importance of national security by explicitly excluding the disclosure or sharing of such data in the case of authorized data interception.
Review of UN Cyber Crime Agreement:
The Union Home Ministry of India has examined the UN Cyber Crime Convention’s draft to determine what modifications would need to be made to current procedures if India signed and ratified the agreement. This exemplifies India’s proactive strategy for bringing its domestic legislation into compliance with international agreements.
Removal of the Multilateral Arrangements Clause:
India has asked that the convention’s provision encouraging states to “establish multilateral arrangements” for the transmission of personal data be removed. This could be interpreted as India favouring bilateral agreements or wanting more control over data transfers.
Prior Written Consent for Data transmit:
India has agreed to a provision that state parties may only transmit personal data to a third country with the original transferring state party’s prior written consent. This implies that while India is amenable to data transfers, it wants to make sure that they are governed by stringent checks and clearances.
Conclusion:
In conclusion, India’s approach to the talks on a treaty against cybercrime demonstrates its focus on national security and sovereignty when it comes to handling and sending personal data. It aims to find a balance between safeguarding its own interests and data security with global cooperation in fighting cybercrime. The way other UN members react to India’s offers and issues will probably determine how these negotiations turn out in the end.
