Home   »   Personal Data Protection Bill   »   Digital Personal Data Protection Bill 2022

Draft Digital Personal Data Protection Bill 2022 Released by Government

Draft Digital Personal Data Protection Bill 2022

Digital Personal Data Protection Bill: Personal Data Protection is important part of personal privacy of an individual in a democratic society. Draft Digital Personal Data Protection bill aims to secure digital privacy Indian Citizens. Draft Digital Personal Data Protection Bill 2022 is important for UPSC Prelims Exam (Constitutional Protection and Legislative Measure) and UPSC Mains Exam (GS Paper 2- Legislative Measures to protect Constitutional Rights).

Sri Kanaka Dasa_70.1

 

Digital Personal Data Protection Bill 2022 News

  • Ministry of Electronics and Information Technology has been deliberating on various aspects of digital personal data and its protection, and has formulated a draft Bill, titled ‘The Digital Personal Data Protection Bill 2022’.

 

What is Digital Personal Data Protection Bill?

  • Digital Personal Data Protection Bill is being framed to outline the rights and duties of ‘digital nagriks’ or citizens while laying out the process and rules for data collection when it comes to companies.
  • Key Objectives: The draft Digital Personal Data Protection Bill is to provide for-
    • The processing of digital personal data in a manner that recognizes both the right of individuals to protect their personal data and
    • The need to process personal data for lawful purposes, and for matters connected therewith or incidental thereto.

 

What are the Principles of Digital Personal Data Protection Bill?

Draft Digital Personal Data Protection Bill 2022 is based on seven following seven principles-

  • First Principle: Usage of personal data by organisations must be done in a manner that is lawful, fair to the individuals concerned and transparent to individuals.
  • Second Principle: It states that personal data must only be used for the purposes for which it was collected.
  • Third Principle: It talks of data minimisation.
  • Forth Principle: It puts an emphasis on data accuracy when it comes to collection.
  • Fifth Principle: It talks of how personal data that is collected cannot be “stored perpetually by default,” and storage should be limited to a fixed duration.
  • Sixth Principle: It notes that there should be reasonable safeguards to ensure there is “no unauthorised collection or processing of personal data.
  • Seventh Principle: It says that the person who decides the purpose and means of the processing of personal data should be accountable for such processing.

National Data and Analytics Platform

Who are Data Principle, Data Fiduciary and Significant Data Fiduciary?

  • Data Principle: The Draft Digital Personal Data Protection Bill uses the term “Data Principal” to denote the individual whose data is being collected.
    • The law also makes a recognition that in the case of children- defined as all users under the age of 18- their parents or lawful guardians will be considered their ‘Data Principals.’
  • Data Fiduciary: It is the entity (can be an individual, company, firm, state etc), which decides the “purpose and means of the processing of an individual’s personal data.”

 

Who are the Significant Data Fiduciary?

  • Significant Data Fiduciary: The Data Protection bill also talks of ‘Significant Data Fiduciaries, who deal with a high volume of personal data.
  • Criteria: The Central government will define who is designated under this category based on a number of factors ranging from the volume of personal data processed to the risk of harm to the potential impact on the sovereignty and integrity of India.
  • Significant Data Fiduciary category needs to fulfil certain additional obligations to enable greater scrutiny of its practices,” according to the bill’s explanatory note.
  • Data Protection Officer: Such entities will have to appoint a ‘Data protection officer’ who will represent them.
    • They will be the point of contact for grievance redressal.
  • Independent Data Auditor: They will also have to appoint an independent Data auditor who shall evaluate their compliance with the act.

Data Empowerment and Protection Architecture

 

Right to Erase Data and Right to Nominate

  • Data principals will have the right to demand the erasure and correction of data collected by the data fiduciary.
    • They will also have the right to nominate an individual who will exercise these rights in the event of death or incapacity of the data principal.
  • The bill also gives consumers the right to file a complaint against a ‘Data Fiduciary’ with the Data Protection Board in case they do not get a satisfactory response from the company.

JPC on Data Protection Bill

 

Provision for Cross-border Data Transfer

  • The bill also allows for cross-border storage and transfer of data to “certain notified countries and territories.”
  • However, the Date Protection Bill also mentions that an assessment of relevant factors by the Central Government would precede such a notification.

 

Provisions for Penalties/fines under Digital Personal Data protection Bill 2022

  • The draft Digital Personal Data Protection also proposes to impose significant penalties on businesses that undergo data breaches or fail to notify users when breaches happen.
  • Entities that fail to take “reasonable security safeguards” to prevent personal data breaches will be fined as high as Rs. 250 crore.
  • The government could also exempt certain businesses from adhering to provisions of the Draft Digital Personal Data Protection Bill on the basis of the number of users and the volume of personal data processed by the entity.
  • This has been done keeping in mind start-ups of the country who had complained that the previous version of the Bill was too “compliance intensive”.

Personal Data Protection Bill 2019

Personal Data Protection Bill 2019

Sharing is caring!