On July 5, 2023, the Union Cabinet, chaired by Prime Minister(PM) Narendra Modi, approved the Draft of Digital Personal Data Protection (DPDP) Bill, 2022, will be tabled in Parliament during the upcoming Monsoon session that will start on July 20 and continue till August 11 2023.
- The bill aims to provide consent-based data collection techniques.
What is DPDP Bill?
The Bill frames out the rights and duties of the citizen (Digital Nagrik) and the obligations to use collected data lawfully of the data fiduciary (entities that collect personal data). It is based on the following six principles of the data economy:
i.Collection and usage of the personal data of citizens of India.
ii.Data collection exercise: It must be for a legal purpose and the data should be safely stored till the purpose is served.
iii.Data minimization: Only relevant data should be collected of individuals and serving the pre-defined purpose should be the only aim.
iv.Data Protection and Accountability
v.Accuracy of data
vi.Rules regarding reporting a data breach
Background of DPDP Bill:
The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, established by the Central Government under the Information Technology (IT) Act 2000 regulates the usage of personal data. However, it has been recognized that this framework is insufficient to ensure adequate protection of personal data.
In response to this concern, the central government formed a Committee of Experts on Data Protection in 2017 chaired by Justice Bellur Narayanaswamy Srikrishna. The committee submitted its report in July 2018.
Based on the recommendations of the committee, the Personal Data Protection Bill, 2019 was introduced in the Lok Sabha (the lower house of the Parliament of India) in December 2019. The bill was then referred to a Joint Parliamentary Committee for further examination, which presented its report in December 2021.
However, in August 2022, the bill was withdrawn from Parliament. Subsequently, in November 2022, the Ministry of Electronics and Information Technology (MeitY) released the Draft Digital DPDP Bill, 2022 for public feedback, for which, MeitYÂ received and considered 21,666 suggestions.
Key Proposals in the Bill:
i.It requires data fiduciaries, to maintain the accuracy of data, keep data secure, and delete data once their purpose has been met.
ii.It empowers the Data Protection Board (DPB) to levy a penalty of up to Rs 250 crore on organisations for every instance of violation of norms.
- It can also increase such fines to a maximum of Rs 500 crore with requisite cabinet approval. Such increases will not require any amendments to the Law.
iii.The definition for children will be retained as anyone under the age of 18 amid sustained pushback from industry experts.
iv.The proposed law could allow global data flows by default to all jurisdictions other than a specified ‘negative list’ of countries, essentially an official blacklist of countries where transfers would be prohibited.
Penalties in the Bill:
DPDP Bill Proposes six types of penalties on non-companies to companies:
i.To prevent a personal data breach, a penalty of up to Rs 250 core is being proposed (as mentioned above).
ii.Failure to notify the Board and affected Data Principals in the event of a personal data breach will be penalized upto Rs 200 crore.
iii.Non-fulfilment of additional obligations in relation to Children will attract a penalty of up to Rs 200 crore.
iv.Non-fulfilment of additional obligations of Significant Data Fiduciary under sections 11 of the Act may attract Rs 150 crore fine.
v.Non-fulfilment of additional obligations of Significant Data Fiduciary under sections 16 of the Act may attract Rs 10 crore fine.
vi.Non-compliance with provisions of this Act other than those listed in (1) to (5) and any rule made thereunder will attract penalties up to Rs 50 crore.
Applicability of Bill:
It will apply to processing of digital personal data within India; and to data processing outside the country if it is done for offering goods or services, or for profiling individuals in India.
How will this bill be beneficial?
i.The Bill will enhance India’s trade negotiations with other nations like the European Union (EU), whose General Data Protection Rules (GDPR) are among the world’s most exhaustive privacy laws.
ii.It will also empower individuals to question private companies as well as governments about their data collection, processing, and storage.
iii.It is a crucial pillar of the overarching framework of technology regulations which also includes the Digital India Bill, the proposed successor to the Information Technology Act, 2000; the draft Indian Telecommunication Bill, 2022;and a policy for non-personal data governance.
Key Points:
i.As per the United Nations Conference on Trade and Development (UNCTAD), approximately 137 out of 194 countries have implemented laws to safeguard data and privacy.
iii.Adoption rates for data protection and privacy laws are 61% in Africa (33 out of 54 countries), 57% in Asia (34 out of 60 countries), and only 48% in Least Developed Countries (22 out of 46).
Recent Related News:
i.The Union Cabinet has approved the National Quantum Mission (NQM) with an outlay of Rs.6003.65 crore for 8 years (from 2023-24 to 2030-31). With this, India will join the top 6 nations (the United States of America (USA), Canada, China, France, Austria, and Finland who are involved in the R&D in the QT.
ii.The Union Cabinet also approved the Cinematograph Amendment Bill, 2023 proposed by the Ministry of Information and Broadcasting (MIB) to amend the Cinematograph Act, 1952. It will be introduced in the upcoming Monsoon Session of Parliament.
About Ministry of Electronics and Information Technology (MeitY):
Union Minister – Ashwini Vaishnaw (Rajya Sabha, Odisha)
Ministers of State (MoS) – Rajeev Chandrasekhar (Rajya Sabha, Karnataka)