In a significant move towards safeguarding individual privacy and regulating digital data handling, the Lok Sabha has successfully passed the Digital Personal Data Protection Bill, 2023. Union Communications, Electronics and Information Technology Minister Ashwini Vaishnaw presented the bill on August 3, despite opposition calls for further committee scrutiny. This legislation aims to establish a robust framework for personal data protection while ensuring the rights of individuals across India. Here’s a detailed breakdown of the bill’s crucial elements:
1. Comprehensive Data Protection Framework: The core objective of the Digital Personal Data Protection Bill, 2023 is to create a comprehensive structure for safeguarding personal data. This framework extends its jurisdiction to all forms of personal data collected within India, including both online and offline information that has been digitized.
2. Extraterritorial Application: The bill’s reach isn’t confined to domestic borders. It applies to data processing occurring outside India but involving the offering of goods or services to individuals within the country.
3. Stricter Data Security: Entities responsible for user data must ensure the protection of personal information, even if it’s stored by third-party data processors. This emphasizes the responsibility of maintaining data security throughout the data lifecycle.
4. Data Breach Notification: In case of a data breach, companies are mandated to promptly notify the Data Protection Board (DPB) and affected users. This provision aims to ensure swift response and communication in the event of a data breach.
5. Protection for Minors and Guardians: Special considerations apply to the processing of data for minors and individuals with legal guardians. Such data processing must only occur with the explicit consent of the respective guardians.
6. Data Protection Officer (DPO): Organizations are required to designate a Data Protection Officer responsible for overseeing data protection measures. DPOs’ contact details must be shared with users to facilitate communication.
7. Government Authority over Data Transfers: The central government holds the authority to regulate the transfer of personal data beyond India’s borders, ensuring secure and compliant data flows.
8. Appeals Mechanism: In cases of disagreement with DPB decisions, an appeals mechanism is established. The Telecom Disputes Settlement and Appellate Tribunal will adjudicate these appeals.
9. DPB’s Extensive Authority: The DPB is endowed with the power to summon individuals for examination under oath, inspect personal data-handling companies’ documents, and recommend blocking access to intermediaries repeatedly breaching the bill’s provisions.
10. Stringent Penalties: Penalties are determined based on the nature and gravity of breaches. Fines, ranging from a minimum of Rs 50 crore to a maximum of Rs 250 crore, are applicable for data breaches, failure to protect personal data, or neglecting to inform the DPB and users of a breach.
The Digital Personal Data Protection Bill, 2023 underscores India’s commitment to secure digital data handling while holding entities accountable for safeguarding user information. With a robust framework in place, individuals can have greater confidence in their online interactions, knowing their personal data is handled with due diligence and care.
