On August 3rd, the Indian government brought forward the Digital Personal Data Protection Bill in the Lok Sabha. Despite its initial presentation as a financial Bill, Electronics and Information Technology Minister, Ashwini Vaishnaw, clarified that it didn’t relate to financial matters. The bill proposes a potential fine of up to Rs 250 crore for entities found guilty of misusing or inadequately protecting individuals’ digital data.
However, the bill’s introduction was met with significant opposition from members of the opposition who voiced concerns about its possible impact on people’s fundamental right to privacy.
The DPDP bill is a legislative document that outlines the rights and duties of citizens, and the proper use of collected data by data fiduciaries. The primary aim of the bill is to supervise and ensure the ethical handling of personal data. It explicitly lays out the rights and duties of users, as well as the responsibilities of businesses.
This bill aims to manage digital personal information in a manner that upholds individuals’ right to protect their data while also ensuring that the data can be used lawfully.
This law will be used in India for digital personal data, whether it’s collected in digital form or changed into digital data from non-digital sources. It will also apply to digital personal data used outside India if it’s connected to providing things or services to people in India.
However, this law won’t cover personal data that people use for themselves or share in public spaces. For instance, if someone shares their personal information on social media, this law won’t affect it.
Data Fiduciaries hold key responsibilities under this law. They must process personal data lawfully and transparently, with either consent or valid reasons. Consent requests should be clear, and prior consent must be respected. Data Fiduciaries’ responsibility is to comply with the law, ensure data accuracy, and adopt security measures. Breach notifications are essential. Significant Data Fiduciaries have extra duties, like appointing a Data Protection Officer, undergoing audits, and conducting assessments. These rules’ goal is to ensure ethical data processing, respecting the privacy and rights of citizens.
Under this, the Central Government has the authority to impose restrictions on the transfer of personal data by a Data Fiduciary to a foreign country or territory outside India. However, this section doesn’t limit the application of existing Indian laws that offer greater protection or restrictions on such transfers.
The Bill applies to how digital personal information is used in India. This includes data collected online or made digital from offline sources. It also covers personal data from outside India if it’s used for providing things or services in India. When using personal data, it’s important to have permission and consent from the person it’s about.
People whose data is being used have rights. They can know how their data is used, correct or erase it, and even appoint someone to look after these rights if they can’t. They can also raise complaints. But these rights should be used responsibly and should not be exploited by making false complaints.