Although the Bill has introduced basic rules for the storage, use and destruction of personal information towards data protection, these provisions are incomplete.
We use Google Cloud Translation Services. Google requires we provide the following disclaimer relating to use of this service:
This service may contain translations powered by Google. Google disclaims all warranties related to the translations, expressed or implied, including any warranties of accuracy, reliability, and any implied warranties of merchantability, fitness for a particular purpose, and noninfringement.
The 72-hour time period given for amendments to the 'Information Technology and Cyber Security Bill, 2082', registered in the House of Representatives, is ending on Sunday. Meanwhile, Digital Rights Nepal, an organization of digital rights activists, published an analysis of the bill and concluded that some of the provisions contained in it are unclear, incomplete and problematic.
Freedom of expression, data protection, liability of service providers, domain name management, legal protection against gender-based violence and other issues have been suggested for improvement. According to
analysis, section 88 (1) of the bill states that the production or transmission of obscene material through any electronic system or means is punishable by imprisonment for two years or a fine of two lakh rupees, but there is no definition of 'obscene material'.
"This section may be misused if a regulatory body deems the creations published in the media, expressed by ordinary citizens, or created by an artist expressing his imagination to be obscene," the analysis states, "This may have a direct impact on freedom of expression, artistic freedom, and the right to present independent ideas in digital media." "There is no provision in the bill about the rights of data holders in personal details and information," the analysis says, "The right to access to data, the right to correct incorrect data, the right to delete your data, the right to stop or oppose the improper use of your data, and the protection against automatic decision/profiling are not covered."
Data related to sectors like health, finance, telecommunication, education are sensitive data. However, no special security measures other than 'encryption' have been provided for such sensitive data. It warns that a data breach or misuse could result in huge losses. Although Article 65 of the
bill stipulates that the service provider should keep the user's data only for a 'specified period', it has been commented that it weakens the basic principles such as 'data minimization and purpose limitation' as it is not clear which body will determine the period. It is also mentioned that the
bill does not address gender violence through the use of technology such as cyber stalking, sextortion, cyber bullying.
