Polity

Digital Personal Data Protection Bill

Aravind M
Aravind M
April 12, 2023 · 3 min read
1
Digital Personal Data Protection Bill

News Highlight

New Digital Personal Data Protection Bill in Monsoon Session.

Key Takeaway

  • The government advises the Supreme Court, which is hearing petitions against WhatsApp sharing users’ data with Facebook corporations that it would be tabled in Parliament in July.
  • On April 11, 2023, the Union government informed the Supreme Court that a new law, the Digital Personal Data Protection Bill 2022, to ensure individual privacy in online space is “ready.”

Digital Personal Data Protection Bill 2022

  • Background
    • Since 2018, when a panel led by Judge B N Srikrishna prepared a draught version of the Bill, the data protection Bill has been in the works.
    • It is India’s first attempt to enact domestic data protection legislation.
    • The government revised this draught and tabled it in the Lok Sabha in 2019 as the Personal Data Protection Bill, 2019 (PDP Bill, 2019).
    • Owing to the pandemic’s delays, the Joint Committee (JPC) on the PDP Bill 2019 published its report on the Bill two years later, in December 2021.
    • A new draught statute accompanied the study, the Data Protection Bill, 2021, which incorporated the JPC’s suggestions.
    • However, the government withdrew the PDP Bill in August 2022, citing the JPC’s report and the “substantial revisions” made to the 2019 Bill by the JPC.
    • The government is now anticipated to introduce the Bill in Parliament during the 2023 budget session.
  • Aim
    • Governing the online realm, including distinct legislation on data privacy, the internet ecosystem, cyber security, and telecom regulations.
    • As well as leveraging non-personal data to stimulate innovation in the country.

Seven Principles of the DPDP Bill

  • Lawful use
    • First, “Organisations’ use of personal data must be lawful, fair to the individuals involved, and transparent to individuals.”
  • Purposeful dissemination
    • According to the second principle, personal data shall only be used for the purposes it was obtained.
  • Data minimisation
    • The minimum and only necessary data should be collected to achieve a goal.
  • Data Accuracy
    • At the collection point. There should be no duplicates.
    • Duration of storage
    • The fifth principle states that personal data should not be “stored indefinitely by default” and should be limited to a fixed period.
  • Authorised collection and processing
    • There must be sufficient protections to guarantee that “no unauthorised collection or processing of personal data occurs.”
  • Accountability of users
    • The individual who determines the purpose and means of processing personal data should be held accountable for such processing.

Scope of Present Bill

  • The DPDP Law, 2022, relates to all digitally carried out processing of personal data.
  • This would encompass both online personal data and offline, personal data that has been digitised for processing.
  • In practice, this gives a somewhat lower level of protection because it is fully inapplicable to data processed manually.
  • Formerly, draughts only excluded data processed manually by “small entities,” not data processing in general.
  • Regarding geographical application, the Bill addresses the processing of personal data.
  • Information is gathered by data fiduciaries within Indian territory and processed to provide goods and services within India.

Significance of the revamped Bill

  • Strong safeguards: The earlier version of Bill’s fines for data misuse was deemed ineffective as a deterrence.
  • The increased penalties recommended now would encourage entities to implement adequate safeguards to protect data and impose fiduciary discipline.
  • Businesses would face punitive actions in the form of financial penalties if their data were misused or breached.
  • The impending Data Protection Bill would end the exploitation of client data by imposing financial penalties on organisations.
  • Under the proposed Bill, there will also be a stringent or purpose limitation on data acquired by companies and a time limit for storing it.
  • Data fiduciaries will be expected to discontinue the retention of personal data and destroy previously gathered data after the original purpose for which it was collected has been met.

Conclusion

  • It takes a lot of effort to draught such important legislation.
  • It may take more trial and error to succeed.
  • Creating a comprehensive legal framework will undoubtedly take considerable time and thought.

Pic Courtesy: The Hindu

Content Source: The Hindu

Read More…

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Leave a Reply

Your email address will not be published. Required fields are marked *