India Takes Steps to Protect Personal Data with New Data Protection Bill
Introduction
What does India’s 2023 data protection bill refer to?
On July 5, the Union Cabinet approved a bill that essentially enables laypeople to complain to the Data Protection Board of India, which is created up of technical experts designated by the government, if they have reason to suspect that their data, which includes cell phone numbers, has been used without their consent.
Government publishes a draft Digital Personal Data Protection Bill.
The Indian government presented the Digital Personal Data Bill 2022 draft. This Act targets to regulate the management of digital personal data.
It acknowledges its need to process personal data for legitimate reasons and the right of individuals to have their data secured. The 2022 New Digital Personal Data Bill.
In the Parliamentary Monsoon Session earlier this year, the old Data Protection Bill was overturned. With a focus entirely on rules regarding user data, the ministry subsequently renamed its name to the Personal Data Protection Bill.
KYC data will be affected by the new Personal Data Protection Bill. A bank must complete the KYC procedure when a savings account is opened.
The new data protection bill also includes the data acquired through this process. After the account has been closed for more than six months, the bank must keep KYC details at hand.
A 2022 Digital Personal Data Protection Bill Analysis
It is crucial to recognize and understand the applicability of the Digital Personal Data Security Bill, 2022, which creates an entirely novel structure for personal data privacy.
The Indian government sees the most recently published law as a component of its more extensive plan for a digital economy, which is expected to eventually include an all-encompassing “Digital India Act” to replace the current Information Technology Act of 2000.
Given its potential to have an impact on our daily lives, it is imperative to examine a closer look at its provisions, consequences, and limits.
An amendment published by the Ministry of Electronics and Information Technology (Meity) attempts to “frame forth the rights and obligations of the citizen (Digital Nagrik) on the one hand and the duty of the Data Fiduciary to use the information gathered legally on the other hand.”
The Bill does not deal with non-personal data or encrypted datasets that obscure an individual’s identity and only applies to “digitized” personal data.
As the Personal Data Protection Bill 2018 was the first draft of this Bill presented by the Justice Sri Krishna Committee, founded by the Meity in 2018, this will be the fourth attempt at a data protection law in India.
The Personal Data Protection Bill 2019 was the updated version of this suggested draft that the government submitted to the Lok Sabha in 2019.
This proposed measure was sent to a joint committee of both Houses of Parliament on the same working day, which P.P. Chaudhary, a former minister of state for the ministries of law and justice, electronics, and information technology, headed over.
The journey of bill
| August 2017 | Privacy, as a fundamental right reaffirmed in Justice KS Puttaswamy vs Union of India by SC Justice Srikrishna Committee, constituted to examine data protection issues |
| July 2018 | Committee releases draft of the Personal Data Protection Bill (PDPB) and report |
| December 2019 | The revised draft bill was sent to the joint parliamentary committee (JPC) for both Houses to review |
| December 2021 | JPC releases its report and a new version of the law as the Data Protection Bill (DPB) |
| August 2022 | Draft DPB withdrawn |
| November 2022 | Meity releases draft Digital Personal Data Protection Bill (DPDPB) for public consultation |
| 5th, July 2023 | Union Cabinet approves the draft DPDP Bill, 2023 |
Exemptions
In certain situations, like the avoidance and investigation of crimes and the execution of legal rights or claims, the privacy rights of the data principal and the duties of data fiduciaries (apart from data security) will not apply.
Certain activities may be absolved from the Bill’s limitations by notification from the central government.
These relate to processing by government organizations for state security and public order and collecting information for investigation, preservation, or data analysis.
Data Protection Board of India
The government of India will create the Data Protection Board of India. The Board’s primary responsibilities include implementing penalties for violations, requiring data fiduciaries to take necessary steps in an incident involving data, and considering grievances from concerned parties.
The composition of the Board, the nomination process, the rules and constraints of selection and service, and the expulsion method are all controlled by central laws.
Penalties
The schedule to the Bill outlines punishments for several charges, notably
- a penalty of up to Rs 150 crore for not satisfying objectives to minors and
- penalties of up to Rs 250 crore for failing to take safety precautions for avoiding hacking of information. The Board will settle on charges after undertaking an investigation.
Highlights of the Bill
- When digital personal data is obtained offline or online and transformed into digital form, the Bill will apply to its processing in India. If offering goods or services or profiling consumers in India is at play, it will also apply to handling digital private information outside of India.
- Only proper utilization of private information may be carried out with the approval of the data user. In some circumstances, consent may be assumed.
- Data fiduciaries are accountable for keeping data correct, secure, and deleted when its intended use has been served.
- The Bill provides people with several rights, which include the ability to request data, request modification and deletion, and file a grievance.
- For particular causes, such as state security, public order, and the prevention of crimes, the central government might exclude government agencies from the Bill’s limitations.
- The government of India will create the Data Protection Board of India to determine cases of non-compliance with the Bill’s requirements.
Conclusion
The legislation under consideration gives customers multiple opportunities to learn about their data from services and websites. Individuals have a right to know if and how personally an organization is processing identifiable data about them.
Frequently asked questions
[sp_easyaccordion id=”1636″]
Information By – Aayushi Bhanu
