Introduction to Digital Personal Data Protection Act 2023 passed
The Digital Personal Data Protection Bill, 2023, which outlines procedures on how businesses and the government itself can collect and use information and personal data of Indian citizens, was introduced by the Centre in Parliament on Thursday (August 3), following nearly five years of negotiations involving the government, technology companies, and representatives of civil society.
About the Bill
The Digital Personal Data Protection (DPDP) law seeks to safeguard the privacy of Indian citizens while imposing a maximum fine of Rs 250 crore on organisations that misuse or neglect to secure personal digital data.
A breach of personal data must be reported to the Data Protection Board (DPB) and the user, and companies handling user data will be obligated to protect the individual’s information.
“DPDP Bill is made into a law. Received Hon’ble President’s assent,” Vaishnaw wrote in posts on Koo and X (formerly Twitter).
On August 9, the Rajya Sabha approved the DPDP bill, which establishes a number of compliance criteria for the gathering and processing of personal data, includes rules to prevent online platforms from misusing users’ data, and carries a penalty of up to Rs 250 crore for any data breach.
The Digital Data Protection Bill’s Key Details
The following provisions of the Bill protect digital personal data (i.e., information that can be used to identify a person):
- The duties of data fiduciaries, or those who collect, store, or otherwise handle personal data on behalf of other people, businesses, or governmental organisations.
- The rights and obligations of Data Principals, or the subject of the data.
- Financial sanctions for rights, duties, and obligations violations.
Key Features of the Bill
The bill includes safeguards to prevent online platforms from misusing users’ data. The measure imposes requirements on both private and public bodies for the acquisition and processing of citizen data, according to Ashwini Vaishnaw, the union’s minister of information technology.
According to the DPDP law, processing of children’s data is permitted with parental agreement. The measure had been adopted by the Lok Sabha on August 7. According to IT Minister Vaishnaw’s prior statements this week, the administration anticipates putting the Act into effect in ten months.
The measure specifies how businesses should handle user data, and it gives the government the authority to ask businesses for information and order the blocking of content in response to recommendations made by a data protection board chosen by the Union government.
If data fiduciaries or businesses using personal data ignore complaints from individuals, it becomes moot to establish the Data Protection Board of India to resolve issues from people regarding their right to privacy.
The bill covers the processing of digital personal data in India, whether the data is initially gathered in non-digitized form and afterwards converted to digital form.
Also read about personal injury law
Exemptions
In some circumstances, the rights of the data principal and the duties of data fiduciaries (apart from data security) will not apply.
These consist of –
- crime prevention and investigation, and
- the upholding of legal rights or claims. Certain activities may be exempted by the central government from the Bill’s application through notification.
These consist of –
- processing by government agencies for the sake of state security and public order, and
- gathering information for research, archiving, or statistical purposes.
Contributed by Ankit Raj Sharma
Edited by Imtiaz Ullah