The Digital Personal Data Protection Bill, 2023
Author:- Sk.Thabasum, a Student of KL UNIVERSITY
Personal data is information that relates to an identified or identifiable individual. Processing of personal data may also aid law enforcement. Unchecked processing may have adverse implications for the privacy of individuals, which has been recognised as a fundamental right. It may subject individuals to harm such as financial loss, loss of reputation, and profiling.
Currently, India does not have a standalone law on data protection. Use of personal data is regulated under the Information Technology (IT) Act, 2000. In 2017, the central government constituted a Committee of Experts on Data Protection, chaired by Justice B.N. Srikrishna, to examine issues relating to data protection in the country. The Committee submitted its report in July 2018. Based on the recommendations of the Committee, the Personal Data Protection Bill, 2019 was introduced in Lok Sabha in December 2019. The Bill was referred to a Joint Parliamentary Committee which submitted its report in December 2021. In August 2022, the Bill was withdrawn from Parliament. In November 2022, a Draft Bill was released for public consultation. In August 2023, the Digital Personal Data Protection Bill, 2023 was introduced in Parliament.
Key Features:-
Applicability: The Bill applies to the processing of digital personal data within India where such data is: (i) collected online, or (ii) collected offline and is digitised. It will also apply to the processing of personal data outside India if it is for offering goods or services in India. Personal data is defined as any data about an individual who is identifiable by or in relation to such data. Processing has been defined as wholly or partially automated operation or set of operations performed on digital personal data. It includes collection, storage, use, and sharing.
Consent: Personal data may be processed only for a lawful purpose after obtaining the consent of the individual. A notice must be given before seeking consent. The notice should contain details about the personal data to be collected and the purpose of processing. Consent may be withdrawn at any point in time. Consent will not be required for ‘legitimate uses’ including: (i) specified purpose for which data has been provided by an individual voluntarily, (ii) provision of benefit or service by the government, (iii) medical emergency, and (iv) employment. For individuals below 18 years of age, consent will be provided by the parent or the legal guardian.
Rights and duties of data principal: An individual whose data is being processed (data principal), will have the right to: (i) obtain information about processing, (ii) seek correction and erasure of personal data, (iii) nominate another person to exercise rights in the event of death or incapacity, and (iv) grievance redressal. Data principals will have certain duties. They must not: (i) register a false or frivolous complaint, and (ii) furnish any false particulars or impersonate another person in specified cases. Violation of duties will be punishable with a penalty of up to Rs 10,000.
Transfer of personal data outside India: The Bill allows transfer of personal data outside India, except to countries restricted by the central government through notification.
Exemptions: Rights of the data principal and obligations of data fiduciaries (except data security) will not apply in specified cases. These include: (i) prevention and investigation of offences, and (ii) enforcement of legal rights or claims. The central government may, by notification, exempt certain activities from the application of the Bill. These include: (i) processing by government entities in the interest of the security of the state and public order, and (ii) research, archiving, or statistical purposes.
Penalties: The schedule to the Bill specifies penalties for various offences such as up to: (i) Rs 200 crore for non-fulfilment of obligations for children, and (ii) Rs 250 crore for failure to take security measures to prevent data breaches. Penalties will be imposed by the Board after conducting an inquiry.
![Freedom of Speech in India [Indian Supreme court and Law of Sedition]](https://blogger.googleusercontent.com/img/a/AVvXsEiGLLUmLKq5Da6xDZplasOZHKRj-jOhWPkoeuy0_Eq757tUpOiHz-xooXwIlAjF0-hmBfi-TtMIv6on_sVgBXVq4wbWwnbsqLOcNX22S8C2aSq-ZuK3vn9wWAx8tXByYOBfwc0hs6b8RJV84YNFG2greouGKjup6g8kN-xVlchW33VHdSSmrhLC1BUEVbGp=w680)
