Data Protection Bill: The Lok Sabha on Monday passed the Digital Personal Data Protection Bill, 2023 by a voice vote amid sloganeering by opposition members over the Manipur issue. The Bill was introduced in Lok Sabha on August 3 by Electronics and Information Technology Minister Ashwini Vaishnaw. The bill seeks to protect the privacy of Indian citizens while proposing a penalty of up to Rs 250 crore on entities for misusing or failing to protect the digital data of individuals.
While introducing the bill for consideration and passage, Union IT Minister Ashwini Vaishnaw said that opposition members appeared to have limited concern for matters such as public welfare and safeguarding individuals' personal data and hence, they are engaged in raising slogans during the proceedings.
The bill which comes after six years of the Supreme Court declaring "Right to Privacy" as a fundamental right has provisions to curb the misuse of individuals' data by online platforms.
Key highlights
- The bill aims to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes.
- The Bill will apply to the processing of digital personal data within India where such data is collected online, or offline and is digitised. It will also apply to such processing outside India if it is for offering goods or services to individuals in India.
- Personal data may be processed only for a lawful purpose upon consent of an individual. Consent may not be required for specified legitimate uses such as voluntary sharing of data by the individual or processing by the State for permits, licenses, benefits, and services.
- Data fiduciaries will be obligated to maintain the accuracy of data, keep data secure, and delete data once its purpose has been met.
- The central government will establish the Data Protection Board of India to adjudicate on non-compliance with the provisions of the Bill. The members of the Data Protection Board of India will be appointed for a term of two years, with the option for re-appointment.
- Children’s data and data of physically disabled persons with guardians must be processed after consent from guardians.
- The Bill allows transfer of personal data outside India, except to countries restricted by the central government through notification.
- Rights of the data principal and obligations of data fiduciaries (except data security) will not apply in specified cases.
- Personal data may be processed only for a lawful purpose after obtaining the consent of the individual. A notice must be given before seeking consent.
- Bill specifies penalties for various offences such as up to Rs 200 crore for non-fulfilment of obligations for children, and Rs 250 crore for failure to take security measures to prevent data breaches. Penalties will be imposed by the Board after conducting an inquiry.
