India's Digital Personal Data Protection Bill 2023 (TOI)
- 04 Aug 2023
- The central government will notify countries where data fiduciaries may transfer personal data.
- Such transfers will be subject to prescribed terms and conditions.
- Exemptions:
- Certain specified cases will be exempt from certain rights of data principals and obligations of data fiduciaries, excluding data security. These cases include:
- Prevention and investigation of offenses.
- Enforcement of legal rights or claims.
- The central government may, through notification, exempt certain activities from Bill's application, such as
- Processing by government entities for national security and public order.
- Data processing for research, archiving, or statistical purposes.
- Data Protection Board of India:
- The central government will establish the Data Protection Board of India.
- Key functions of the Board include:
- Monitoring compliance and imposing penalties.
- Directing data fiduciaries to take necessary measures in the event of a data breach.
- Addressing grievances made by affected individuals.
- Penalties:
- The Bill outlines penalties for various offenses, including
- Fines of up to Rs 200 crore for non-compliance with obligations related to children's data.
- Fines of up to Rs 250 crore for failure to implement adequate security measures to prevent data breaches.
Importance of the Digital Personal Data Protection Bill, 2023:
- The Digital Personal Data Protection Bill 2023 holds significant value as it aims to ensure the safety and privacy of users’ personal data while granting them greater control over its portability. The bill sets forth stringent measures and norms that will hold big corporations and consumers accountable, imposing substantial fines on those who fail to comply.
- The primary objective of the bill is to enhance the accountability of entities, including internet companies, mobile apps, and businesses, in their collection, storage, and processing of citizens' data, safeguarding the citizens' "Right to Privacy." Once approved, various public and private entities will be obligated to obtain explicit consent from users before collecting and processing their data.
- This landmark legislation signifies a major step towards valuing and protecting the privacy of each consumer, ensuring that their personal data is handled with utmost care and responsibility, creating a safer and more secure digital environment for all.
Concerns regarding the Digital Personal Data Protection Bill, 2023, include several contentious issues:
- The government and its agencies are granted wide-ranging exemptions.
- The powers of the data protection board might be diluted.
- The proposed amendment to the Right to Information Act, of 2005, is causing worries, particularly due to the removal of the public interest caveat that could restrict sharing of government officials' personal information.
- The bill overrides Section 43A of the Information Technology Act, 2000, which mandates compensation for mishandling user data by companies. The new compensation mechanism has been questioned, as it may impact users' ability to seek adequate redress.
- Addressing these concerns is essential to ensure a comprehensive and balanced approach to safeguarding personal data in the digital realm.
What are Data Privacy Regulations in Other Countries?
- Approximately 70% of countries worldwide have implemented data protection legislation, as reported by the United Nations trade agency UNCTAD.
- The EU's General Data Protection Regulation (GDPR), enforced in 2018, is considered the most stringent privacy and security law globally and serves as a benchmark for data protection regulations.
- Several countries, such as China and Vietnam, have recently strengthened their laws concerning the cross-border transfer of personal data to enhance data privacy.
- In 2018, Australia passed a bill granting police access to encrypted data.
In conclusion, the Digital Personal Data Protection Bill, 2023, offers extensive rights to individuals, granting them enhanced visibility, awareness, decision-making autonomy, and control over their data. It imposes strict obligations on companies to adhere to individual rights and establishes robust redressal mechanisms, backed by significant penalties for non-compliance.
Moreover, the Bill reinforces the landmark judgment of the Supreme Court in the case of Justice K. S. Puttaswamy (Retd) Vs Union of India (2017). In this judgment, a nine-judge bench unanimously recognized the constitutionally protected fundamental right to privacy for Indians, affirming that privacy is an intrinsic aspect of life and liberty under Article 21 of the Constitution. The Digital Personal Data Protection Bill, 2023, is a crucial step towards upholding this fundamental right and ensuring better protection of personal data in the digital age.
Mains Question:
- Examine the provisions and significance of the Digital Personal Data Protection Bill, 2023, comparing it to global data privacy regulations and its alignment with the Indian Supreme Court's right to privacy ruling. (15M)