Prime Minister Narendra Modi-led union government on 3 August introduced the Digital Personal Data Protection Bill, 2023 in the Lok Sabha.
It was tabled in the parliament by Union Communications, Electronics, and Information Technology Minister Ashwini Vaishnaw, amid strong opposition by Opposition leaders who claimed it violates the fundamental right to privacy.
The Opposition sought the bill should be sent to the standing committee for scrutiny, as the government had withdrawn a bill on data protection last year and the new bill needs more scrutiny. Though Vaishnav claimed this bill is not a money bill and all issues raised by the opposition will be answered during the debate.
Meanwhile, Mos for Electronics and Information Technology Rajeev Chandrasekhar He took to Twitter and wrote that the bill is a very significant milestone in Narendra Modi's vision of “Global Standard Cyber Laws for India’s digital economy.” He also noted that the bill "will protect the rights of all citizens" and permit “Govt's lawful and legitimate access in national security and emergencies like pandemics and earthquakes, etc."
The DPDP Bill defines, on the one hand, the rights and obligations of the user and, on the other hand, the obligations for the lawful use of the collected data by private or public enterprises.
The Bill is based on six principles of the data economy: a lawful and transparent collection and usage of the personal data of citizens of India; a legal purpose for collecting the data and storing the data till the purpose is served; collection of only relevant data of individuals and serving the pre-defined purpose should be the only aim; data protection and accountability; accuracy of data; and timely reporting of data breaches to the Data Protection Boards.
The Bill envisages penalties of up to ₹250 crore per instance in the case of a data breach, lower than ₹500 crore proposed in the earlier draft issued in November 2022.
The Union Cabinet had approved the Bill last month, which had several changes, including one clause which allows government to direct any government agency, an intermediary or a platform to block or ban any information, in the interest of the general public and after giving an opportunity of being heard to that data fiduciary. Сivil society and experts remain concerned about the sweeping exemptions granted to government bodies from the provisions of the bill.
What the DPDP bill proposes?
It proposes data protection legislation that allows the transfer and storage of personal data in some countries while raising the penalty for violations.
Also, it proposed legislation stipulates consent before collecting personal data and provides for stiff penalties of as much as ₹500 crore on persons and companies that fail to prevent data breaches including accidental disclosures, sharing, altering, or destroying personal data.
The bill applies to the processing of ‘Digital Personal Data’ and excludes from its ambit both non-personal data and data in non-digital formats.
This applies to processing digital personal data within the Indian territory and processing digital personal data outside India if such processing is in connection with any profiling or offering goods or services to data principals within India.
However, it doesn't apply to non-automated processing, processing for domestic or personal purposes by individuals, and personal data about individuals contained in records that have been in existence for at least 100 years.
Consent Criteria:
As per the bill, the personal data of an individual can only be processed for a lawful purpose for which the concerned individual has given consent or is deemed to have given her consent. It mentions the consent should be free, specific, informed, and unambiguous. Though a clause of deemed consent has been added, that refers to situations where consent is not expressly needed.
Data Localisation and Cross-Border Transfer:
According to the current bill, cross-border data flow to certain countries and territories has been permitted, along with relaxations in data localization requirements.
In addition to the DPDP Bill, a Digital India Bill and a Telecom Bill to replace the current IT Act and the Telegraph Act, are in the pipeline.
Sources: Mint, Mint, Moneycontrol
