Digital Personal Data Protection Bill and Its Impact On Us
Last Updated : 11 Aug, 2023
The year was the 2000s. Internet Explorer 5.5 was released, the Nokia 3310 mobile phone was announced, and NASDAQ hit its record high. During these exciting times, the Government of India brought in the Information Technology Act. Two long decades and a couple of years later, the government replaced the IT Act of 2000 on 09th August 2023, putting forward the Digital Personal Data Protection Bill.
According to one report, an average Indian spends nearly 10 hours online (source: Times of India). With this act, the Indian Government aims to provide a safe harbour to its citizens and secure their internet experience.
India takes a proactive stance towards the protection of cybersecurity. It has assigned multiple dedicated agencies, including Computer Emergency Response Team-India (CERT-In), Indian Cyber Crime Coordination Centre (I4C), and National Critical Information Infrastructure Protection Centre (NCIIPC), for the job. But none of these agencies are responsible or accountable for protecting and maintaining the data privacy of India’s digital citizens. In 2022, India suffered the second-highest incident of a data breach. Data privacy has been a glaring issue for quite some time now and an exclusive data protection regulation or body has been long overdue.
The newly introduced Digital Personal Data Protection Bill, 2023, is aimed to address the above-mentioned problem and ensure a safe scenario for digital data privacy in the country.
(Read more about recommendations made for the Digital India Bill 2023 here)
What Does This Bill Signify?
The Digital Personal Data Protection Bill, of 2023, aims to prevent the unauthorised use of personal data by online platforms.
Since its introduction, the Information Technology Act, of 2000, has gone through numerous amendments to address, define, and regulate the digital space, putting more emphasis on data handling policies. However, with the increasing number of data breaches, the demand for dedicated data privacy laws has popped up now and then.
In that light, the Indian parliament passed the Digital Personal Data Protection Bill (DPDP) 2023 on 09th August 2023 – six years after the honourable Supreme Court declared data privacy as a fundamental right.
Rajeev Chandrasekhar, Minister of State for Electronics and Information Technology and Skill Development and Entrepreneurship, aims to bring forth unified laws to strengthen personal data protection and establish India as a trusted data destination.
The Digital Personal Data Protection Bill will significantly impact us, the citizens. The law will empower its citizens with more control over their personal data. And now the customer can hold organisations accountable for how they collect and use their (customer’s) personal data.
Impact of DPDP 2023 on Citizens
Here are ways this law will impact you:
- You will have more control over your data. The law has directed data fiduciaries (companies and businesses handling your data) not to process your personal information without your explicit content,
- Also, companies processing your personal information must explicitly inform you why they need this information. In fact, they have to delete the data immediately when you withdraw your consent,
- Any company found misusing your data is liable to pay penalties up to Rs 250 crore per instance of data breach.
Key Highlights of the Digital Data Protection Bill
What is the Digital Personal Data Protection Bill ?
— Rajeev Chandrasekhar 🇮🇳 (@Rajeev_GoI) August 3, 2023
This bill aims to create a comprehensive data privacy law for protecting national citizens. While drafting this bill, the ministry retained certain parts of the legislation proposed in November 2022.
Some of the key highlights of the DPDP Bill 2023 are:
Data Protection Principles
The DPDP Bill aims to install multiple data protection regulations for organisations that collect and process personal data. Under these regulations, these organisations can collect personal data only for lawful purposes and in a fair and transparent manner. Also, they can only store personal data as long as it is necessary for the specific purposes for which it was collected.
Establishment of DPA
This bill establishes a Data Protection Authority (DPA) that will oversee information privacy and compliance with the law. The DPA will have the power to investigate complaints, impose penalties, and issue directions to data fiduciaries (organisations collecting and processing personal data).
Also, this bill imposes significant penalties for non-compliance, including fines of up to ₹250 crore or 4% of global turnover, whichever is higher.
The PDP Bill grants individuals a number of rights with respect to their personal data, including the following:
- Individuals have the right to be informed about how their personal data is being collected and processed,
- The Right to access their personal data,
- The Right to correct their personal data,
- The Right to delete their personal data,
- The Right to object to the processing of their personal data,
- The Right to data portability.
Digital Data Protection Bill Concerns
The DPDP Bill aims to safeguard “personal data”, but it has provisions for collecting data for “lawful purposes.” However, many parties, including the opposition and data privacy advocates, raised concerns regarding the bill. According to many, this bill might allow government bodies to censor content citing national security or maintenance of public order.
However, in responding to concerns IT Minister Ashwini Vaishnaw pointed out that these exemptions were necessary. Further, he notes that, unlike the European Union’s General Data Protection Regulation (GDPR), the Indian bill has only 4 exemptions.
Also, another concern is that this law can dilute the Right to Information (RTI) Act to shield government functionaries, thereby preventing access to their information.
With 140 crore citizens using the internet for accessing multiple services, a powerful and dedicated data protection bill is the need of the day. This bill aims to make the digital world safer and more trustworthy for the average digital citizen of the nation. Now, of course, there are concerns regarding curbing press freedom and aiding government bodies free from the RTI regulations.
The future of data privacy and cyber laws in cyber security for India remains to be seen.