Government Know About The Digital Personal Data Protection Bill, 2023

Know About The Digital Personal Data Protection Bill, 2023

The bill seeks to enable India's Digital economy and its innovation ecosystem.

By
Shruti Govil
-

The bill permits the processing of digital personal data in a manner that guarantees individuals’ rights to privacy protection and the requirement that the data be processed for justifiable purposes and purposes associated with or incidental to those objectives. 

The following provisions in the bill safeguard digital personal data—that is, information that can be used to identify an individual—including: The rights and duties of Data Principals, or the person to whom the data relates, the obligations of Data Fiduciaries, or individuals, businesses, and governmental organisations that process data, for data processing, which includes gathering, storing, or any other operation on personal data, and the financial penalties for violating these rights, duties, and obligations.

What does the bill seek to achieve?

  1. Boost the Simplicity of Daily Life and Business Transactions; 
  2. Enable India’s Digital Economy and its Innovation Ecosystem; 
  3. and Enact Data Protection Law with the least disruption while guaranteeing required changes in how Data Fiduciaries manage data.

Principles of the bill

The bill is based on the following principles: 

  • the idea of permissioned, legitimate, and open use of personal information;
  • the concept of purpose limitation, which states that personal information should only be used for the purposes for which it was collected with consent from the data principal
  • the data minimisation principle, which calls for collecting personal information only to the extent required to fulfill a given objective;
  • the idea of data accuracy, which is making sure data is current and accurate; limited storage (keeping data for as long as it’s required for the intended use); appropriate security measures and
  • The accountability concept (adjudicating data breaches and Bill provisions violations and imposing fines for the breaches).

 Innovative features

A few other novel aspects of the bill are as follows: 

  • The bill is succinct and an example of SARAL law—Simple, Accessible, Rational, and Actionable—because it 
  1. Lacks provisos (“Provided that”), 
  2. utilises simple language, 
  3. has few cross-references, 
  4. and straightforward visuals to convey the message.
  • For the first time, it recognises women in Parliamentary lawmaking by referring to them as “she” rather than “he.”
  • Individuals shall have the following rights under the bill: 
    • the right to obtain information about how their personal data is handled; 
    • the right to have data corrected and erased; 
    • the right to grievance redress; 
    • and the right to designate an agent to act on their behalf in the event of incapacity or death.
  • To exercise his or her rights, the impacted Data Principal should first contact the Data Fiduciary. They can easily file a complaint against the Data Fiduciary with the Data Protection Board if they are dissatisfied. 
  • The following duties on the part of the data fiduciary are outlined in the bill:
    • to notify the impacted Data Principal and the Data Protection Board of any personal data breaches; to put security measures in place to avoid such breaches;
    • to remove personal information from existence once it serves its intended purpose;
    • to remove personal data upon withdrawal of consent;
    • the establishment of a grievance redressal system and the appointment of an official to handle inquiries from data principals, and
    • to complete certain additional duties, such as hiring a data auditor and carrying out recurring Data security Impact Assessments to guarantee a greater level of data security, with regard to Data Fiduciaries notified as Significant Data Fiduciaries.
  • The bill also protects minors’ personal information.
    • According to the bill, a Data Fiduciary may only process children’s personal information with permission from their parents.
    • The bill forbids processing that affects children’s welfare or entails surveillance, behavioural monitoring, or targeted advertising.
  • The following are the exemptions listed in the Bill: For notified agencies regarding security, sovereignty, public order, etc.;
    • To enforce legal rights and claims; 
    • To carry out judicial or regulatory activities; 
    • To prevent, detect, investigate, or prosecute offences; 
    • For startups or other notified groups of Data Fiduciaries; 
    • For research, archiving, or statistical purposes;
    • To process non-residents’ data under foreign contracts in India; 
    • To find defaulters and their financial assets; 
    • For authorised mergers, demergers, etc.

Key functions of the board

The Board’s primary responsibilities include 

  • directing the mitigation or repair of data breaches, 
  • investigating data breaches and complaints and, levying fines, 
  • referring complaints to Alternative Dispute Resolution and accepting voluntary undertakings from data fiduciaries, 
  • And advising the government to block a data fiduciary’s website, app, etc., if it is discovered that the fiduciary has repeatedly violated the bill’s provisions.

RELATED ARTICLES

Exit mobile version