On August 7, 2023, the Lok Sabha passed the Digital Personal Data Protection Bill through a voice vote. The session was marked by opposition members protesting the Manipur issue with slogans. The primary objective of this bill is to safeguard the privacy of Indian citizens, addressing concerns related to the mishandling and inadequate protection of individual data. Notably, the bill incorporates stringent penalties, varying from a minimum of Rs 50 crore to a maximum of Rs 250 crore, for individuals or entities found to be in breach of its stipulations.

Following the landmark declaration by the Supreme Court, recognizing the 'Right to Privacy' as a fundamental right, the Digital Personal Data Protection Bill has emerged after a span of six years. This legislation is designed to effectively counter the inappropriate handling of individual data by online platforms. The bill encompasses a comprehensive framework that encompasses personal data originating within India, spanning both digital records and offline information that has been digitized. Notably, even in cases where data processing takes place outside of India but pertains to the provision of goods or services to individuals within the nation, the regulations stipulated by the bill will be applicable.

On August 3, the Digital Personal Data Protection Bill was introduced in the Lok Sabha by Ashwini Vaishnaw, who holds the position of Union Communications, Electronics, and Information Technology Minister. In the face of opposition's suggestions to send the bill to the standing committee for additional scrutiny, Vaishnaw maintained that the bill was of a standard nature and proceeded to present it for deliberation.

Key Points of the Bill

• Organizations responsible for user data must guarantee the security of personal information, even if it is held by third-party data processors.
• If a data breach occurs, companies are obligated to swiftly notify both the Data Protection Board (DPB) and the individuals whose data has been compromised.
• Specific regulations are in place for minors and individuals with guardians: The processing of data belonging to minors and those under guardianship is permissible only with the explicit consent of their respective guardians.
• Companies must designate a Data Protection Officer and provide their contact information to users as part of the requirement.
• The legislation grants authority to the central government to oversee the transfer of personal data to foreign countries or territories outside of India.
• The Telecom Disputes Settlement and Appellate Tribunal will be responsible for reviewing appeals regarding decisions made by the Data Protection Board (DPB).
• Under its jurisdiction, the DPB possesses the power to call and question individuals under oath, scrutinize documents from companies managing personal data, and propose the restriction of access to intermediaries that consistently violate the regulations outlined in the bill.
• Penalties determined by the DPB will vary according to the gravity and type of breach, potentially reaching a maximum of Rs 250 crore for cases involving data breaches, inadequate protection of personal data, or failure to notify both the DPB and affected users about a breach.

Source: Times Of India