Jahanvi Agarwal
The Digital Personal Data Protection Bill, 2023 was adopted by the Lok Sabha on August 7 and has been passed by the Rajya Sabha as well. Not only this but the President has also gave her assent which make DPDP Bill, 2023 a law.
The Bill has been passed in order to “provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes.”
It applies to the processing of digital personal data within the territory of India where the personal data is collected in digital form or in non-digital form and digitised subsequently.
It also applies to processing of digital personal data outside the territory of India, if such processing is in connection with any activity related to offering of goods or services “to Data Principals within the territory of India.”
The person to whom the personal data refers is referred to as the “Data Principal”.
The Bill states that only with consent and for certain “legitimate uses” may personal data be handled. In accordance with the Bill, “personal data” refers to “any data about an individual who is identifiable by or in relation to such data.”
The bill offers the central government the authority to exclude government agencies from the bill’s provisions in the interest of specified grounds such as security of the state, public order, and prevention of offenses.
The Data Protection Board of India must be established by the central government, according to the Bill. It will oversee compliance and the implementation of sanctions, order data fiduciaries to take the appropriate action in the case of a data breach, and listen to complaints filed by impacted parties.
Additionally, there are fines of up to Rs. 250 crores for failing to take security measures to avoid data breaches and up to Rs. 200 crores for not adhering to obligations to children.
According to the Bill, a notice describing the planned use of the personal data must be included with or made prior to the request for consent. It additionally grants individuals a few rights, such as the ability to obtain information, seek correction and erasure, and grievance redressal.
Concerns regarding the potential exploitation of personal data have been raised by privacy activists using arguments such as “interest of sovereignty and integrity of India” or “Security of State” The Bill does not provide that data must be deleted after processing for a particular purpose.
IT Minister Ashwini Vaishnaw responded to the criticism in the Lok Sabha by asking, “If there is a natural disaster or earthquake, should we worry about … consent notices, or focus on people’s safety?”. “If the police are pursuing an offender somewhere, will they concern themselves with forms, or will there be action?”, he questioned.
Jayadev Galla, MP of the Telugu Desam Party, expressed concern over a potential Central control of the data protection body.
Syed Imtiaz Jaleel, an AIMM member of parliament, opposed the bill and stated, “The Bill raises serious questions, one of them being the excessive centralisation of power. The Union government can exempt any government or private-sector entity from the application of the provisions of the law merely by issuing a notification.”
Click here to Access the Bill.