The Bill will lay down the digital rights and duties of citizens and also help in reducing data-related frauds.
The Digital Personal Data Protection Bill is ready to be introduced in Parliament. This bill will help in protecting our data and maintaining our privacy.
The Union Cabinet has already approved the draft bill that is called Digital Personal Data Protection Bill. The government was working on this bill for a long time.
Privacy was considered a fundamental right by the Supreme Court of India. After about six years, the Central government has made a second attempt to enact this law to secure the personal digital data.
Earlier, the draft of Digital Personal Data Protection Bill was presented in Parliament but the Opposition had counted many amendments in it, after which the government is going to present it once again in the current Monsoon session.
What is the Personal Data Protection Bill?
The bill is an important component of a comprehensive framework of technology regulations being developed by the government, which also includes the Digital India Bill and the Indian Telecom Bill and a policy governing non-personal data.
The Bill will have jurisdiction over the processing of digital personal data in India. It includes data collected online or offline and subsequently digitized.
Why the Need of Data Protection Bill
In the midst of the digital transformation taking place in the country, the pressure to keep the data of the citizens of the country safe is increasing. There is also a steady increase in crimes related to the data of citizens. This means that cases of data theft are also coming to the fore. In such a situation, it was necessary that such a law should be made so that the data of common people is protected and strict action can be taken against those who violate it. This Data Protection Bill will lay down the digital rights and duties of the citizens and will also help in reducing data-related frauds.
Bill will be Effective outside India
The Bill will also apply to processing of data outside India if it involves the offering of goods or services or profiling of individuals in India. According to this bill, personal data can be used for lawful purposes only with the consent of the individual.
The Bill provides certain rights to individuals, including the right to access information, request rectification and deletion, and redressal of grievances. The government may exempt its agencies from certain provisions of the Bill on specified grounds such as national security or public order. To enforce compliance of the Bill, the government will set up the Data Protection Board of India. Once the Bill will be passed, require data fiduciaries to obtain verifiable consent from a legal guardian before processing a child’s personal data.
Salient Features of the Bill
The Bill will apply to the processing of digital personal data in India, whether collected online or offline and digitised. The Bill will also apply to processing of personal data outside India if it involves the offering of goods or services or profiling of individuals in India.
Personal data & Consent
Personal data can only be used for lawful purposes with the consent of the individual. Consent will be obtained through a notice which will also provide details about the data to be collected and the purpose of the processing. In addition, individuals will have the right to withdraw their consent at any time. For users below 18 years of age after the passage of this Bill, consent shall be provided by their legal guardian. Consent is often deemed to have been given in some cases where processing is necessary for functions under law, provision of services or benefits by the state, medical emergencies, employment purposes and specified public interest purposes such as national security and fraud prevention.
According to this bill, if a platform wants to collect personal data of a person, it must first give notice to the concerned individual or institution. In this notice, he will also have to give details of the data of the person concerned and why he needs it. Persons whose data will be processed after the entry into force of this Act shall be entitled to receive information about the processing, to request rectification and erasure of their personal data, to exercise their rights in case of death or incapacitation of another person shall have the right to nominate and seek grievance redressal. Data principals also have certain duties, including not filing false or frivolous complaints and providing accurate information. Breach of these duties can lead to punishment.
Data Accuracy and Security
Data fiduciaries shall make efforts to ensure data accuracy and security to entities determining the purpose and means of processing. They must implement appropriate security measures to prevent data breaches and notify the Data Protection Board of India and affected individuals in case of a breach. Personal data will be deleted after the purpose of the processing has been accomplished, except when retention is necessary for legal or commercial purposes. The storage limit requirement will not apply to government entities.
Data Transfer: Terms and Conditions
After Passing the Bill, the Government of India will notify the countries to which data fiduciaries can transfer personal data. Such transfers will be subject to the prescribed terms and conditions. Except for data protection, certain rights of data principals and obligations of data fiduciaries may not apply in specific cases, such as prevention and investigation of crimes and enforcement of legal rights.
The central government may, by notification, exempt certain activities, including processing by government entities in the interest of state security and public order, as well as research, collection or statistical purposes.
Provisions of Punishment
The Bill specifies penalties for various offences, ranging from Rs 150 crore for non-fulfilment of obligations relating to children’s data to Rs 250 crore for failure to implement safeguards to prevent data breaches. The draft Digital Personal Data Protection Bill has proposed 6 types of penalties ranging from non-companies to companies. The Data Protection Bill is based on the data principle. According to the rules, the collection and use of personal data of users in the country should be done through legal means and while controlling its misuse, transparency should be made regarding its protection.
To prevent personal data breach, the draft bill proposes a fine of up to Rs 250 crore. Failure to notify the board and affected parties in the event of a personal data breach and non-fulfilment of additional obligations in respect of children may attract a penalty of up to Rs 200 crore. Non-compliance with the provisions of this Act and any rules made thereunder shall attract a fine which may extend to Rs.50 crore. If someone breaks the law regarding data protection, then the concerned person can go to court. Through this, people will have the right to ask for details about their data collection, storage and processing.
Data Protection Board
The central government will set up the Data Protection Board of India, which will monitor compliance, impose fines, direct data fiduciaries in case of data breaches, and address complaints. The government will determine the composition of the board, the selection process, the terms and conditions of appointment and the procedure for removal.
Digital Economy Booster
If any company collects personal data of people, then the company will also have to take the responsibility of keeping that data completely safe. Not only this, the data can be stored only when it is not very important. With the coming of the Data Protection Bill, the digital economy will increase in the country. Companies will have to keep servers in the country.