Salient Features of Digital Personal Data Protection Bill in India
The right to privacy is a fundamental right in India and the MeitY (Ministry of Electronics and Information Technology) has recently issued a press release to define and explain the Digital Personal Data Protection Bill (DPDP Bill).
This bill was introduced to safeguard personal data, promote privacy, and empower individuals. So, in this blog, we will talk about all the features of this DPDP Bill 2023.
What is the Digital Personal Data Protection Bill (DPDP)?
The Digital Personal Data Protection Bill (DPDP) is a legislative proposal and an Act of Parliament of India that manages personal data. This bill aims to protect individuals’ privacy by establishing rules and responsibilities for data fiduciaries, ensuring consent-based data processing.
Moreover, the bill has also introduced a Data Protection Board (DPB) to oversee compliance and impose penalties for data breaches and non-compliance.
Features of the DPDP Bill in India
The bill offers several features that aim to protect personal data and enhance privacy in the digital age. Here are the key features of DPDB:
Application and Scope
The DPDP Bill is all about protecting your personal data, especially online. If a company from another country is offering services to people in India and collects data, this law applies to them too. But, if you’re using your personal data for private or home reasons, or if you have made it public due to any reason, this law doesn’t count.
Companies can use your data for things that are allowed by law, as long as they ask for your permission. They have to explain what they’ll do with your data and what rights you have.
Rights to Data Principles
One of the features of the bill is that the Digital Personal Data Protection Bill respects the rights of people whose data are being used. These people have rights to data principles, and they can see their data, fix mistakes, delete their data, and more. The companies or people using this data (Data Fiduciaries) must follow these rules while keeping the data safe and accurate.
User Consent
The bill has introduced the concept of user consent. This means that your data can be accessed only with your permission, that too for legitimate purposes.
The bill also ordered the data fiduciaries to issue a notification to users before accessing their data or seeking consent. Moreover, the companies can only ask for data for lawful purposes. Users have the right to withdraw or deny their consent at any point in time.
Introduction of Data Protection Board
The Bill also launched a Data Protection Board (DPB) in response to the need for a separate entity to handle personal data. The DPB will monitor and track the use of personal data and take immediate action in any data breach incident. Moreover, they can impose penalties and take legal action against non-compliant fiduciaries.
Data Processing Guidelines for Data Fiduciaries
Data Fiduciaries are organizations or companies that are responsible for managing personal information. The bill states that they must follow certain rules to protect individuals’ personal data. They need to get clear permission from individuals, explain why they are collecting the data, make sure the information is accurate, keep it safe, and follow the data protection laws. These guidelines help keep people’s information private and make sure data is used in a fair and open way.
Moreover, data Fiduciaries must use strong security measures to protect data and inform people if there’s a data breach and they should delete personal data when it’s no longer needed.
Cross-border Data Processing
Cross-border personal data transfer means moving someone’s personal information from one country to another. It involves dealing with different laws, rules, and security measures to keep the data safe and in line with privacy laws as it goes from one place to another.
The Central Government can set rules on how and where this data is stored when it’s sent across borders. This helps keep people’s data safe no matter where it goes.
Penalties
The DPDP Bill has the right to impose fines for not following the rules. If Data Fiduciaries fail to protect data properly and there’s a breach, they could be fined up to Rs 250 Crores.
Moreover, if any entity hides the information about the breach, or does not follow rules for children’s data, they could be fined up to Rs 200 Crores. Here’s an image of a total breakdown of fees:
Conclusion
The Digital Personal Data Protection Bill is like a guard that prevents your personal information from theft on the internet in India. It tells who is responsible for data, when and how they can use it, and what happens if they don’t follow the rules. This law will give you more control over your data and make sure that companies are careful with it.
Shubham Roy is an experienced writer with a strong Technical and Business background. With over three years of experience as a content writer, he has honed his skills in various domains, including technical writing, business, software, Travel, Food and finance. His passion for creating engaging and informative content... Read more