The Lok Sabha on Monday passed the Digital Personal Data Protection Bill, 2023 even as opposition leaders opposed it..
The Bill aims to manage digital personal data by balancing individuals’ right to safeguard their data with the need to lawfully process such data for relevant purposes.
“A Bill to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto,” the Bill’s text says.
The Bill was introduced by Ashwini Vaishnaw the Union Minister for Electronics and Information Technology, on August 3, amidst reports suggesting that the Bill had been classified as a money bill. The Minister had made it clear that it was, in fact, a regular bill.
The clarification came after Congress politician and former Union minister Manish Tewari had expressed his disapproval of the Bill being introduced as a money bill.
The Bill applies to digital personal data processing in India, including online and digitized offline data. It extends to processing outside India for offering Indian goods or services.
Personal data needs consent for lawful processing, with exceptions like voluntary sharing or state-related processing.
Data fiduciaries will bear the responsibility of maintaining data accuracy, ensuring data security and deleting data once its intended purpose has been fulfilled.
The Bill bestows certain rights upon individuals, encompassing the right to access information, request data correction and erasure and seek resolution for grievances.
Under certain circumstances, government agencies may be exempted by the Central government from adhering to the provisions of the Bill. These circumstances typically revolve around specific grounds, such as safeguarding the state’s security, maintaining public order and preventing offences.
To oversee compliance with the Bill’s provisions, the Central government will establish the Data Protection Board of India, which will be tasked with adjudicating cases of non compliance.
Concerns have been raised regarding the potential violation of the fundamental right to privacy due to exemptions granted for data processing by the State, particularly under the grounds of national security. These exemptions could potentially result in data collection, processing, and retention beyond what is deemed necessary.
It has also been pointed out that the Bill does not regulate risks of harms arising from processing of personal data.
Furthermore, the Bill permits the transfer of personal data outside of India, except to countries that have been notified by the Central government. However, this mechanism might not guarantee a thorough evaluation of the data protection standards in the countries where the transfer of personal data is allowed.
The members of the Data Protection Board of India will be appointed for a term of two years, with the option for re-appointment. The relatively short tenure coupled with the possibility of re-appointment could potentially impact the independent functioning of the Board.
Notably, the Bill is the first law in India to use she/her pronouns while referring to all genders.
The Bill’s “Interpretation” provision clarifies that the pronouns “her” and “she” in the proposed legislation have been used for an individual, irrespective of gender.
Name- Priya Dubey , College- Lloyd law college , Semester – 3rd
0 Comments