The Central Government made a significant decision last August when it drafted an order to withdraw the Data Protection Bill (PDP), which was originally proposed in 2019. In November of the same year, the government issued a new bill that is likely to transform the privacy of user data dramatically.
This landmark legislation, the Data Privacy Protection Bill, holds paramount importance as it seeks to regulate how various companies and organizations handle individuals’ data within India.
As of July this year, the Digital Personal Data Protection (DPDP) Bill, 2023, has been approved by the Union Cabinet and has been presented in the Monsoon session of Parliament, which commenced on July 20.
Also read: Redmi 12 4G & 5G Models Launched In India! All Details
What Is DPDP Bill?
According to government sources, the Ministry of Electronics and Information Technology (MeitY) received and carefully assessed 21,666 suggestions provided for the draft bill, which was circulated for feedback in November 2022. Here are five key highlights of the bill that you should be aware of.
Safeguard individual privacy
The bill’s primary objective is to safeguard digital privacy for individuals in relation to their personal data, establish clear guidelines for the flow and usage of data, and foster a relationship of trust between data processors and the individuals whose data they handle. Several of the provisions in this bill guarantee this.
Processing user data
As per the proposed bill, only personal user data that is available on digital platforms cannot be processed without the express permission of the user. Exceptions to these scenarios are detailed in the bill, and any online platform will have to adhere to them strictly. Some of the mentions on this list include preventing the breakdown of ‘public disorder, court orders, credit scoring, and more.
Also read: The Samsung Galaxy Z Fold 5 Vs Fold 4: Should You Upgrade?
RTI for consumers and users
The bill also states that users have express rights to information regarding where, when, and how their data is being used. When asked, digital platforms must oblige a proper summary of personal data used and the processing activities that go along with it. Apart from that, users also get the right to know with whom their personal data is being shared. If the need so arises, the user can also ask the digital platform in question to correct or even erase any data pertaining to the user.
Also Read: Apple Air Tag: 6 Best Uses To Simplify Your Life
Government exemptions
The Central government holds the right to exempt any “instrumentality of the state” ie. a body that is functionally, financially, and administratively under the control of the government, from the provisions of this bill. This could be done in the name of the sovereignty and integrity of the country, the security of the state, or the maintenance of public order. Apart from that, the government also has the right to exempt a ‘class of data fiduciaries’ from certain provisions. A data fiduciary is an individual or a group of individuals who decide the purpose and method of processing Personal Data.
Opportunity for online platforms to make a case for themselves
The central government will appoint the Chief Executive and Board Members of Digital Personal Data Protection. The proposed bill is expected to include “voluntary undertakings” which provide the opportunity for platforms that have violated the regulation to defend their case before the data protection board. This authoritative body will hold the ability to receive settlement fees and determine the magnitude of the penalty. Platforms found guilty of a data breach will face a fine of Rs 250 crore for each instance.
Also read: JioBook Laptop: Launch Date, Price, Specs & All You Need To Know
Significance of India’s Personal Data Protection Bill
- Digital Transformation: The growth of internet usage in India has been phenomenal, with one of the highest numbers of internet users worldwide. With digitalisation, more personal data is being collected, stored, and processed than ever before, making it crucial to have a proper regulatory framework for data protection.
Also read: What is the best way to Deactivate Threads Account?
- Privacy Concerns: Incidents of data breaches and misuse have been rising, compromising the privacy of individuals. The bill aims to safeguard personal data and provide remedies in case of any violation.
- Data Localisation: The Bill mandates certain categories of data to be stored within the borders of India. It’s an attempt to ensure that the data is not misused in foreign jurisdictions and can be accessed for legal and security purposes.
- Legislative Void: Before this Bill, India didn’t have a specific law dedicated to data protection. The IT Act of 2000 and its rules provided some data protection measures, but they were not comprehensive.
- User Rights: It introduces the concept of ‘Data Principal’ and ‘Data Fiduciary’, essentially the data subject (an individual whose data is being processed) and data controller (entity processing the data), respectively. It gives more control to users over their data, including the right to access and correct their data.
- Accountability and Compliance: The Bill holds companies accountable for their data practices. It provides for a Data Protection Authority to oversee and enforce compliance.
Summary
Overall, the Personal Data Protection Bill, once enacted, would provide a comprehensive and robust framework for data protection in India. It will align India with global standards and also give confidence to citizens and entities alike about the safety and privacy of their data.