Report on Personal Data Protection Bill report adopted by Parliamentary panel; Know its features
A report on the personal data protection bill was adopted by a parliamentary panel on the evening of July 26. The bill is yet to be tabled in the Parliament. Know its basic features.
On Wednesday, July 27, a report on the Digital Personal Data Protection Bill (DPDP or PDP) was adopted by a 31-member Parliamentary Standing Committee on Communications and Information Technology, headed by MP Prataprao Jadhav. This comes after the Union cabinet, headed by PM Narendra Modi, had cleared the draft of the 2023 version of the bill on July 5. The bill is yet to be tabled in the Parliament itself. The bill aims to safeguard personal data and improve overall data security in India. Let us take a look at basic features.
Digital Personal Data Protection Bill: Features
The Bill proposes an enormous domain of governance allowing the processing of digital personal data within India where such data is collected online, or collected offline and is digitized. It will also apply to such processing outside India if it is for offering goods or services or profiling individuals in India, according to a report by PRS.
A big focus has been put on the right to privacy, and an emphasis has been placed on an individual's consent for data collection, storage, and processing. The onus of getting the consent would fall upon businesses, internet companies, mobile apps, and any such entities that store or have access to personal data. Violations of the rule could end up in a hefty fine of Rs. 250 crore per instance, capping at Rs. 500 crore.
The 2023 version of the Bill proposes creating a Data Protection Board of India (DPB). This board will be empowered with regulatory powers alongside enforcement and adjudication responsibilities in all matters relating to personal data security.
The Bill exempts government bodies from data protection regulations, meaning they can process individuals' personal data without their consent. However, this will only be applicable for ‘fair and reasonable' reasons and for matters of public interest.
The Bill also introduces a new entity, Significant Data Fiduciary (SDF), which will bear an increased responsibility in following all the regulations on data security, will have to appoint independent data auditors, conduct regular data protection impact assessments, nominate a data protection officer, and face a high level of scrutiny.