Digital Data Protection Bill- 2023

Blog Credit: Trupti Thakur

Image Courtesy: Google

Digital Data Protection Bill In India 2023

The Lok Sabha has passed the Digital Personal Data Protection Bill, 2023. This legislation sets out the responsibilities of entities handling and processing digital data while upholding the rights of individuals in India. The bill introduces substantial penalties, ranging from a minimum of Rs 50 crore to a maximum of Rs 250 crore, for those found violating its provisions.

The primary objective of the Digital Personal Data Protection Bill, 2023 is to establish a comprehensive framework for the protection of personal data. This framework extends its jurisdiction to personal data collected within India, both online and offline data that has been subsequently digitized. Moreover, if data processing occurs outside India but involves offering goods or services to individuals within the country, the bill’s regulations will apply.

 

Union Communications, Electronics and Information Technology Minister Ashwini Vaishnaw presented the bill in the Lok Sabha on August 3. Despite calls from the opposition to refer the bill to the standing committee for further examination, Vaishnaw defended its nature as a “normal bill” and moved it for discussion.

 

The Digital Personal Data Protection Bill, 2023 which lays down the obligations of entities handling and processing data as well as the rights of individuals. The bill proposes a maximum penalty of Rs 250 crore and minimum of Rs 50 crore on entities violating the norms.

Some amendments moved by opposition members were defeated by a voice vote.

 

Moving the bill for consideration and passage, Union IT Minister Ashwini Vaishnaw said opposition members had little concern for issues such as public welfare and the protection of people’s personal data, and hence, they were raising slogans. He also urged the House to pass the bill unanimously.

The norms of the bill will apply to personal data collected within India from data principals online, and personal data collected offline, but subsequently digitised. It will also apply to such processing outside India if it is for offering goods or services to individuals in India.

 

Vaishnaw had tabled the bill in the lower house on August 3. Opposition had demanded that it should be sent to the standing committee for scrutiny. While moving the bill, the IT minister had rejected suggestions that it was a money bill saying it was a “normal bill”.

The bill provides for the processing of digital personal data in a manner “that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes”.

Key provisions of the bill

 

• Firms dealing with user data must protect personal data even if it is stored with a third-party data processor
• In case of a data breach, companies must inform the Data Protection Board (DPB) and users
• Children’s data and data of physically disabled persons with guardians must be processed after consent from guardians
• Firms must appoint a Data Protection Officer, and provide such details to users
• The Centre retains the power to restrict the transfer of personal data to any country, or territory outside India
• Appeals against DPB decisions to be heard by the Telecom Disputes Settlement and Appellate Tribunal
• DPB may summon, examine people under oath, inspect books, and documents of companies working with personal data
• DPB to decide on penalty after considering the nature and gravity of the breach, the type of personal data impacted
• DPB may advise government to block access to an intermediary, if DPDP Bill provisions are breached more than twice
• Penalties can go up to Rs 250 crore for a data breach, failure to protect personal data or inform DPB and users of the breach.

 

Blog By: Trupti Thakur