- The Union Cabinet has approved the Digital Personal Data Protection (DPDP) Bill, which would be tabled in Parliament during the forthcoming Monsoon Session.
- This Act intends to regulate the management of Indian residents’ personal data, with an emphasis on explicit agreement for data collection and utilisation.
DPDP, Bill: Key Features and Concerns
(A) Data Protection Norms and Consent
- Data Protection Law: The DPDP Bill provides standards for personal data management and requires specific agreement from individuals whose data is gathered and processed.
- Transparency is limited: More over 20,000 comments were received during the public consultation on the draught Bill, but these remarks were not made public.
- Minimal Changes: The final Bill, which will be tabled in Parliament, is said to differ little from the initial draught released for public comment.
(B) Data Protection Board and Grievance Redressal
- The DPDP Bill empowers individuals to file complaints with the Data Protection Board of India, which is comprised of government-appointed technical experts, in the event of unauthorised data usage.
- Breach Investigation: The Board will launch an investigation into reported breaches of personal data.
(C) Provisions and Penalties
- EU Influence: The DPDP Bill is inspired by the EU’s General Data Protection Regulation, which outlines practises for companies collecting personal data, storing it, processing it, and protecting data subjects’ rights.
- Voluntary Undertaking: To avoid legal litigation, entities can admit a breach and pay a penalty.
- Penalties and fines: Penalties for violations can go up to 250 crore, with the possibility of an increase to 500 crore. Individual offences may result in fines beginning at $10,000.
- The role of the Data Protection Board is to levy fines and punishments for violations, with a maximum penalty of 500 crore for data breaches.
(D) Exemptions and Concerns
- Courts and Law Enforcement Exemptions: The Bill exempts courts and law enforcement agencies from certain standards when processing personal data for the prevention, detection, investigation, or prosecution of crimes.
- Worries over RTI Amendment: A provision in the DPDP Bill causes worries among Right to Information campaigners since it may limit the sharing of “personal information” by government agencies, potentially limiting transparency and accountability.
Potential Final Draught Changes
- Cross-Border Data Transfers: The approach to cross-border data transfers may evolve from a ‘whitelisting’ to a ‘blacklisting’ process.
- Stricter Deemed Consent: The “deemed consent” clause for private entities should be reworded to be more severe, while government departments may assume consent for processing personal data in the purpose of national security and public interest.
International Comparisons
- Global Data Protection Laws: A large number of nations have passed data protection and privacy legislation, with the GDPR serving as a model for several.
- Models from the EU, the US, and China: The EU focuses on comprehensive data protection, the US emphasises privacy as “liberty protection,” and China has enacted new data privacy and security regulations.
Why bring it up again?
- Previous Withdrawal: Due to opposition from numerous stakeholders, a previous version of the data protection Bill was withdrawn from Parliament in 2021.
- International Importance: The adoption of the DPDP Bill is critical for India’s trade agreements, especially with regions such as the European Union, which has comprehensive privacy rules under the General Data Protection Regulation (GDPR).
@the end
The Bill introduces stricter data collection and usage norms in India, emphasizing explicit consent and penalties for breaches, but concerns arise about limited transparency and potential exemptions.
Source: https://indianexpress.com/article/explained/explained-economics/data-protection-bill-approved-by-cabinet-content-concerns-8780035/