Digital Personal Data Protection Bill 2023: Key Points And Analysis

Digital Personal Data Protection Bill 2023

Digital Personal Data Protection Bill 2023: The Digital Personal Data Protection Bill aims to regulate the processing of digital personal data in India. It applies to both online and offline data collection and processing, including activities outside India if they involve offering goods or services in India.

Digital Personal Data Protection Bill 2023

Digital Personal Data Protection Bill 2023: Consent and Legitimate Uses:

– Personal data can be processed only for lawful purposes with the individual’s consent, except for specified legitimate uses.
– Legitimate uses include voluntary data sharing, processing by the State for licenses and benefits, and medical emergencies.
– Consent is not required for government-provided benefits, and individuals below 18 need parental/guardian consent.

Digital Personal Data Protection Bill 2023: Key Issues and Analysis:

On August 3, 2023, the Indian Government introduced the Digital Personal Data Protection Bill, 2023 (DPDP Bill) in the Indian Parliament. This marks the fifth version of personal data protection legislation and appears to draw from the draft Bill titled Digital Personal Data Protection Bill, 2022, released by the Ministry of Electronics and Information Technology on November 18, 2022, which underwent public consultations. The DPDP Bill specifically addresses digital personal data and does not encompass non-personal data. Its enactment will replace Section 43A of the Information Technology Act, 2000 (IT Act), as well as the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data of Information) Rules, 2011 (SPDI Rules).

Digital Personal Data Protection Bill 2023 Applicability

The DPDP Bill exclusively pertains to digital personal data, which includes data collected in digital form or data that is digitized after collection.
It applies to digital personal data processed outside India if related to offering goods or services to data principals (data subjects) in India.
The DPDP Bill does not extend to: (i) personal data processed for personal or domestic purposes; or (ii) personal data made publicly available by the data principal or under legal obligation.

Data Protection Principles:

The DPDP Bill encompasses essential principles:
- Personal data must be processed solely for a lawful purpose, with the data principal’s consent and in compliance with the DPDP Bill.
- Only necessary personal data should be collected.

Uniform Treatment of Personal Data:

The DPDP Bill treats all forms of personal data uniformly and does not differentiate between categories like sensitive or critical personal data. Consequently, the requirements apply equally to all types of personal data, departing from the SPDI Rules that distinguish between ‘personal information’ and ‘sensitive personal data or information’.

Enroll now for UPSC Online Classes

Consent forms the basis for personal data processing and must be explicit, informed, unconditional, and unambiguous, obtained through affirmative action.
Data principals can withdraw consent easily without affecting prior lawful processing.
Notices must inform data principals of their rights, personal data details, purposes of processing, and methods for exercising rights.

Obligations of Data Fiduciaries:

Data fiduciaries are accountable for DPDP Bill compliance, even when personal data is processed by data processors on their behalf.
When data fiduciaries process personal data likely to impact the data principal, accuracy and completeness must be ensured.
Personal data must be deleted when consent is withdrawn or the purpose is no longer relevant, except when retention is legally required.

Notification of Personal Data Breach:

Data fiduciaries must inform the DPB (Data Protection Board) and affected data principals of personal data breaches.

Cross-Border Data Transfer:

Data fiduciaries can transfer personal data abroad, except to countries restricted by the Central Government.
If another law provides more protection or imposes restrictions on cross-border data transfer, that law prevails.

Significant Data Fiduciaries:

Significant data fiduciaries, identified by the Central Government, face additional obligations like appointing a data protection officer and data auditor.

Data of Children and Persons with Disabilities:

Processing children’s data requires parental consent. Behavioral monitoring and targeted advertising of children are prohibited.
The Central Government can exempt certain data fiduciaries and processing purposes from parental consent and monitoring prohibition.

Enroll now for UPSC Online Course

Rights of Data Principals:

Data principals have rights to access their data, correct it, and nominate someone to exercise rights on their behalf after their death or incapacitation.

Data Protection Board of India (DPB):

The DPB enforces the DPDP Bill, with authority to impose penalties, inquire into breaches, and issue orders.
Appeals against DPB orders can be made to the TDSAT and, subsequently, the Supreme Court.

Power to Call for Information and Block Access:

The Central Government can seek information from the DPB, data fiduciaries, or intermediaries.
In cases of repeated penalties and public interest, the Central Government can block access to information.

Penalties:

Monetary penalties up to INR 250 crores may be imposed by the DPB based on breach severity.
No compensation is provided for compromised personal data.
Data principals may be penalized up to INR 10,000 for certain breaches of duties.

Voluntary Undertaking:

The DPB can accept voluntary undertakings from those facing non-compliance actions under the law.

Exemptions:

Provisions may be exempted for specific purposes and instrumentalities of the State or enforcement of legal rights.
Data fiduciaries, including startups, can be exempted from certain obligations.

Enroll now for UPSC Online Classes

CURRENT STATUS of Digital Personal Data Protection Bill 2023: The DPDP Bill is currently before the Lok Sabha and awaits further consideration. After clearance by both Houses of Parliament and Presidential assent, it will become law.

The Digital Personal Data Protection Bill seeks to regulate digital personal data processing in India through consent-based principles. While it addresses important aspects of data protection, certain key issues and omissions warrant careful consideration to ensure effective and balanced data privacy regulations.

Digital Personal Data Protection Bill 2023

What are the key points of data protection bill 2023?

The legislation also permits the establishment of a Data Protection Board (DPB), responsible for offering corrective actions for reported instances of data breaches. Additionally, the Board is empowered to suggest the removal of content or the suspension of a digital intermediary for reasons of "public interest."

What is the DPDP Act summary?

The DPDP Act brings forth comprehensive regulations pertaining to the responsibilities of providing notice and obtaining consent. It outlines acceptable scenarios for processing personal data without explicit consent under the category of 'legitimate uses'. Moreover, it sets up an 'Appellate Tribunal' to address grievances and places increased duties on data fiduciaries when managing personal data.

What are the effects of Dpdp bill?

The DPDP Bill also empowers the establishment of an autonomous entity with primary responsibilities that encompass: (i) overseeing adherence to the DPDP Bill; (ii) levying sanctions; (iii) issuing directives to address and alleviate data breaches; (iv) investigating data breaches; and (v) addressing grievances through hearings.

Also Read:
Capital Market: Definitions, Types, Functions, Examples, and Instruments	List of Most Polluted Cities in the World in 2023
Complete List of 8 Wildlife Sanctuaries in India	International Monetary Fund: History, Functions, and Goals

Mon	Tue	Wed	Thu	Fri	Sat	Sun
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30

Digital Personal Data Protection Bill 2023: Key Points And Analysis