Latest Updates
Lok Sabha passes the Digital Personal Data Protection Bill amidst opposition protest
Lok Sabha on Monday passed the Digital Personal Data Protection Bill 2023, despite facing opposition's objection. The bill is now pending before the Rajya Sabha. The opposition demanded a committee for further scrutiny of the Bill that was dismissed by the government. While the govt. aims there will be a better system to handle the data breach problems, but opposition feels otherwise , claims privacy of citizens will be compromised . Opposition parties have also questioned if the new law could dilute the existing Right to Information act as personal data of govt. can be protected and exempted creating possibility of firewalling of RTI. On that Ashwini Vaishnav replied “The harmonisation between RTI and personal data has been done in the BIll”.
What is the Digital Data Protection Bill (DDPB)?
The Digital Personal Data Protection Bill, also known as the data protection Bill, enables the handling of digital personal data while respecting individuals' rights to safeguard their information and the lawful processing of personal data. The bill defines a personal data breach as any unauthorized or accidental compromise of personal data, impacting its confidentiality, integrity, or availability.
Highlights of the Bill
1. The bill will process the digital personal data whether collected online or offline. It will also act on the same phenomenon outside India if offering services or goods in India.
2. Data trusties will be assigned to maintain the accuracy of data, keep data secure, and delete data once it's purpose has been met.
3. The Bill offers certain rights to gather information, seek correction and erase or redressal of it.
4. The central government will establish the Data Protection Board of India to lookover on non compliance with the provisions of the Bill.
5. The Bill will not regulate risks or harms which will arise from processing the personal data
6. The Bill allows the transfer of personal data outside India, except to such countries which are being notified by the central government.
7. In any case a data breach occurs the company has to inform the Data Protection Board (DPB) and users.
8. Companies must appoint a data protection officer who will provide such details to the user.
9. DPB may ask the government to block access to an organisation if the bill provisions are breached twice.
10. Firms who are dealing with personal data must protect them even if it is stored with a third party data processor.
11. The data consumption of minors (below age 18) must be in control and parental permissions are required.
What is Personal Data breach?
A personal data breach, as defined by the bill, refers to unauthorized processing of personal data or accidental incidents such as disclosure, acquisition, sharing, use, alteration, destruction, or loss of access to personal data, which leads to compromising the confidentiality, integrity, or availability of that data.
What is the Applicability of the Bill?
The bill's provisions will cover personal data collected within India from individuals online, and also personal data collected offline but later converted into digital format.
What are the Penalties for violation?
The proposed penalties for non-compliance range from Rs 50 crore to a maximum of Rs 250 crore for violating entities.