10 Features of the Digital Personal Data Protection Bill, 2023

The Digital Personal Data Protection Bill, 2023, which was approved by the Lok Sabha on Monday, outlines regulations for companies that collect data online while allowing exceptions for the Government and law enforcement agencies.

The Bill provides for the processing of digital personal data in a manner that recognizes both the rights of the individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto.

Here are 10 salient features of the DPDP Bill, 2023:

  1. The Bill protects digital personal data (that is, the data by which a person may be identified) by providing for the following:
    • The obligations of Data Fiduciaries (that is, persons, companies and government entities who process data) for data processing (that is, collection, storage or any other operation on personal data)
    • The rights and duties of Data Principals (that is, the person to whom the data relates)
    • Financial penalties for breach of rights, duties and obligations.
  2. The Bill also seeks to achieve the following:
    • Introduce data protection law with minimum disruption while ensuring necessary change in the way Data Fiduciaries process data
    • Enhance the Ease of Living and the Ease of Doing Business
    • Enable India’s digital economy and its innovation ecosystem.
  3. The Bill is based on the following seven principles:
    • The principle of consented, lawful and transparent use of personal data
    • The principle of purpose limitation (use of personal data only for the purpose specified at the time of obtaining consent of the Data Principal)
    • The principle of data minimisation (collection of only as much personal data as is necessary to serve the specified purpose)
    • The principle of data accuracy (ensuring data is correct and updated)
    • The principle of storage limitation (storing data only till it is needed for the specified purpose)
    • The principle of reasonable security safeguards
    • The principle of accountability (through adjudication of data breaches and breaches of the provisions of the Bill and imposition of penalties for the breaches).
  4. The Bill has a few other innovative features: The Bill is concise and SARAL, that is, Simple, Accessible, Rational & Actionable Law as it—
    • Uses plain language
    • Contains illustrations that make the meaning clear
    • contains no provisos (“Provided that…”)
    • Has minimal cross-referencing.
  5. By using the word ‘she’ instead of ‘he’, for the first time it acknowledges women in Parliamentary law-making.
  6. The Bill provides for the following rights to individuals:
    • The right to access information about personal data processed
    • The right to correction and erasure of data
    • The right to grievance redressal
    • The right to nominate a person to exercise rights in case of death or incapacity

    For enforcing his/her rights, an affected Data Principal may approach the Data Fiduciary in the first instance. In case he/she is not satisfied, he/she can complain against the Data Fiduciary to the Data Protection Board in a hassle-free manner.

  7. The Bill provides for the following obligations on the data fiduciary:
    • To have security safeguards to prevent personal data breach
    • To intimate personal data breaches to the affected Data Principal and the Data Protection Board
    • To erase personal data when it is no longer needed for the specified purpose
    • To erase personal data upon withdrawal of consent
    • To have in place a grievance redressal system and an officer to respond to queries from Data Principals; and
    • To fulfill certain additional obligations in respect of Data Fiduciaries notified as Significant Data Fiduciaries, such as appointing a data auditor and conducting periodic Data Protection Impact Assessments to ensure a higher degree of data protection.
  8. The Bill safeguards the personal data of children also:
    • The Bill allows a Data Fiduciary to process the personal data of children only with parental consent.
    • The Bill does not permit processing that is detrimental to the well-being of children or involves their tracking, behavioral monitoring or targeted advertising.
  9. The exemptions provided in the Bill are as follows:
    • For notified agencies, in the interest of security, sovereignty, public order, etc.
    • For research, archiving or statistical purposes
    • For startups or other notified categories of Data Fiduciaries
    • To enforce legal rights and claims
    • To perform judicial or regulatory functions
    • To prevent, detect, investigate or prosecute offences
    • To process in India the personal data of non-residents under foreign contract
    • For approved mergers, demergers, etc.
    • To locate defaulters and their financial assets etc.
  10. The key functions of the Board are as under:
    • To give directions for remediating or mitigating data breaches
    • To inquire into data breaches and complaints and impose financial penalties
    • To refer complaints for Alternate Dispute Resolution and to accept Voluntary Undertakings from Data Fiduciaries
    • To advise the Government to block the website, app etc. of a Data Fiduciary who is found to repeatedly breach the provisions of the Bill.

Source: PIB

Latest news

Government Extends Support Under RoDTEP Scheme Till June 2024

New Delhi: The government has decided to extend the assistance of the Remission of Duties and Taxes on Exported...

MoS Rameshwar Teli Distributes 111 Appointment Letters

Kohima: In the nation's ongoing Rozgar Mela, Rameshwar Teli, the Union Minister of State for Petroleum and Natural Gas...

REC and PNB Collaborate to Co-finance Infrastructure Project Debts

New Delhi: REC Limited and Punjab National Bank (PNB) have entered into a Memorandum of Understanding (MoU) to jointly...

Rs. 256 Crore Relief Granted to MSMEs Under Vivad se Vishwas – I Scheme

New Delhi: COVID-19 posed significant challenges to businesses, but in a major relief for Micro, Small, and Medium Enterprises...

You might also likeRELATED
Recommended to you