Digital Personal Data Protection Bill 2023
Description
Digital Personal Data Protection Bill 2023: Empowering
Users and Ensuring Data Privacy
Description: Discover the significance of the Digital Personal Data Protection Bill, which aims to safeguard user data, hold entities accountable, and protect the right to privacy.
Highlights of the Bill
• The Bill will apply to the processing of digital personal data within India where such data is collected online, or collected offline and is digitised. It will also apply to such processing outside India, if it is for offering goods or services in India.
• Personal data may be processed only for a lawful purpose upon consent of an individual. Consent may not be required for specified legitimate uses such as the voluntary sharing of data by the individual or processing by the State for permits, licenses, benefits, and services.
• Data fiduciaries will be obligated to maintain the accuracy of data, keep data secure, and delete data once its purpose has been met.
• The Bill grants certain rights to individuals including the right to obtain information, seek correction and erasure, and grievance redressal.
• The central government may exempt government agencies from the application of provisions of the Bill in the interest of specified grounds such as security of the state, public order, and prevention of offences.
• The central government will establish the Data Protection Board of India to adjudicate on non-compliance with the provisions of the Bill.
Key Issues and Analysis
• Exemptions to data processing by the State on grounds such as national security may lead to data collection, processing, and retention beyond what is necessary. This may violate the fundamental right to privacy.
• The Bill does not regulate risks of harm arising from the processing of personal data.
• The Bill does not grant the right to data portability and the right to be forgotten to the data principal.
• The Bill allows the transfer of personal data outside India, except to countries notified by the central government. This mechanism may not ensure adequate evaluation of data protection standards in the countries where the transfer of personal data is allowed.
• The members of the Data Protection Board of India will be appointed for two years and will be eligible for re-appointment. The short-term with scope for re-appointment may affect the independent functioning of the Board.
Key Features
Applicability: The Bill applies to the processing of digital personal data within India where such data is:
(i) collected online, or
(ii) collected offline and is digitised. It will also apply to the processing of personal data outside India if it is for offering goods or services in India.
Consent: Personal data may be processed only for a lawful purpose after obtaining the consent of the individual. A notice must be given before seeking consent.
Rights and duties of data principal: An individual whose data is being processed (data principal), will have the right to:
(i) obtain information about processing,
(ii) seek correction and erasure of personal data,
(iii) nominate another person to exercise rights in the event of death or incapacity, and
(iv) grievance redressal.
Obligations of data fiduciaries: The entity determining the purpose and means of processing, (data fiduciary), must:
(i) make reasonable efforts to ensure the accuracy and completeness of data,
(ii) build reasonable security safeguards to prevent a data breach,
(iii) inform the Data Protection Board of India and affected persons in the event of a breach, and
(iv) erase personal data as soon as the purpose has been met and retention is not necessary for legal purposes (storage limitation).
Transfer of personal data outside India: The Bill allows transfer of personal data outside India, except to countries restricted by the central government through notification.
Exemptions: Rights of the data principal and obligations of data fiduciaries (except data security) will not apply in specified cases.
These include: (i) prevention and investigation of offences, and
(ii) enforcement of legal rights or claims.
Data Protection Board of India: The central government will establish the Data Protection Board of India.
Key functions of the Board include:
(i) monitoring compliance and imposing penalties,
(ii) directing data fiduciaries to take necessary measures in the event of a data breach, and
(iii) hearing grievances made by affected persons. Board members will be appointed for two years and will be eligible for re-appointment.
Significance of Digital Personal Data Protection Bill, 2023
• The Digital Personal Data Protection Bill 2023 will be able to keep the personal data of a user safe, and give them more liberty on how to port their personal data.
• Big corporations and consumers will be charged a hefty fine if they fail to do so and don’t follow the norms listed in the bill.
• The bill aims to make entities like internet companies, mobile apps, and business houses more accountable and answerable about the collection, storage, and processing of the data of citizens as part of the "Right to Privacy".
• Once approved, several entities, both public and private, will need to seek consent from users to collect and process their data.
• This means that the right to privacy of each consumer will be valued more, and their data will be more safeguarded than before.
Here is the article link to Cyber-crime: Types and steps taken by the government
