The Lok Sabha has approved the Digital Personal Data Protection Bill, 2023. While respecting the rights of Indian citizens, this legislation outlines the obligations of organisations handling and processing digital data. For individuals found to have violated the provisions of the bill, severe penalties are now in place, ranging from a minimum of Rs 50 crore to a maximum of Rs 250 crore.
On August 3, Union Minister of Communications, Electronics, and Information Technology Ashwini Vaishnaw introduced the bill in the Lok Sabha. Vaishnaw maintained the bill’s status as a “normal bill” and pushed it for discussion in response to calls from the opposition to refer the bill to the standing committee for more investigation.
Establishing a thorough framework for the protection of personal data is the main goal of the Digital Personal Data Protection Bill of 2023. This framework extends its authority to cover any personal information gathered in India, including later digitised offline and internet information. Additionally, the rules of the bill will be applicable if data processing takes place outside of India but involves providing products or services to people within of India.
The Minister of State for Electronics and IT, Rajeev Chandrasekhar also explained how the Bill, once passed by Parliament, will protect the rights of all citizens Chandrasekhar also added that the Bill would allow innovation economy to expand and permit the government’s lawful and legitimate access in national security and emergencies like pandemics and earthquakes, etc.
“It will take a lot of the concerns and a lot of misuse and exploitation that is done by many of these (online) platforms. Puts a break on that, finally. This is certainly legislation that will create deep, lasting behavioural change and create high punitive consequences for any or all platforms that misuse or exploit the personal data of any Indian citizen,” Chandrasekhar added.
Here’s how DPB will protect your privacy:
Children and physically disabled people are given special consideration; therefore, processing their data must only be done with their guardians’ permission.
Firms are required to designate a Data Protection Officer (DPO) and provide the user with the DPO’s contact information.
Data Security: Even if personal data is held with third-party data processors, entities dealing with user data are expected to ensure that it is protected.
Government Control over Data Transfer: The bill gives the central government the authority to control the transmission of personal data to nations or territories outside of India.
Data Breach Notification: Businesses are required to immediately notify the Data Protection Board (DPB) and any affected users in the case of a data breach.
Authority of DPB: The DPB has the power to subpoena and question witnesses under oath, investigate records of businesses that handle personal data, and suggest banning access to intermediaries that consistently violate the terms of the bill.
Appeals Process: The Telecom Disputes Settlement and Appellate Tribunal will decide appeals against DPB decisions.
Penalties: For data breaches, failure to preserve personal data or failure to notify the DPB and users of a breach, the DPB may impose fines of up to Rs 250 crore, depending on the kind and severity of the violation.
In comparison to the General Data Protection Regulation (GDPR) of the European Union, which provides 16 exemptions, the India Bill only has four.
Comments