Proposed Digital Personal Data Protection Bill 2023

Table of Contents

Proposed Digital Personal Data Protection Bill 2023: The Union Government has given its approval to the draft Digital Personal Data Bill, paving the way for its introduction in the upcoming monsoon session of Parliament. The Ministry of Electronics and Information Technology received a significant response from the public, considering and analyzing 21,666 suggestions received in response to the draft bill circulated for comments in November 2022. The bill aims to address crucial aspects of digital personal data protection in India, and its passage through Parliament will be a significant step in safeguarding citizens’ privacy and data security in the digital age.

Digital Personal Data Protection Bill, 2023

Need for Law: Currently, the Information Technology (IT) Rules, 2011, under the IT Act, 2000, control the use and transfer of people’s personal data.
Strengthening of Fundamental Right: The right to privacy was recognized as a fundamental right under Puttaswamy’s Judgement under Article 21
Growing Digitization: With the growing internet penetration in India Data protection become essential to safeguard the privacy of citizen
India has more than 800 million internet users and is expected to grow to 900 million users by 2025
European’s General Data Protection Regulation was adopted in 2016 which provides a beacon light to Indian Legislature to restore data protection & privacy
Key Term inside the Bill
- Data principal: Whose data is being processed
- Data fiduciaries: Who will collect the Data and determine its purpose

Key Feature of Digital Personal Data Protection Bill, 2023

Applicability: The Bill will be applicable to the processing of digital personal data inside of India, whether the data is obtained online or offline and thereafter digitized.
Consent: Only a legitimate purpose for which a person has provided consent may personal data be collected.
Rights of Data principle: Certain rights have been given to data principles like can obtain information about the processing
Obligations of data fiduciaries
- Make an attempt to ensure the data is precise and comprehensive
- Create adequate security measures to stop a data breach and notify the Indian Data Protection Board in case of a breach.
- Data transmission outside of India: The central government will inform nations where a data fiduciary may transfer data about individuals.
The establishment of the Data Protection Board of India and its primary duties are:
- Enforcing sanctions for noncompliance
- Ordering data fiduciaries to take appropriate action in the case of a data breach.

Effects of the Legislation on Citizens

The law will enhance the privacy protection of citizens and reduce the risk of misuse of personal data.
Control over data: Individual consent is necessary before collecting & processing critical personal information.
Right to nominate: In the case of their death or disability, data principals will also be able to designate someone to act in their place.

Challenges with Digital Personal Data Protection Bill, 2023

Privacy concerns could be negatively impacted by exemptions to the state.
No provision is made for the right to data portability or the right to be forgotten.
Uncertainty about what counts as a significant loss
Dilution of the Data Protection Board: The proposed measure is thought to weaken the data protection board’s ability to act as an arbitrator in privacy-related issues.
Clash with Right to Information Act, 2005: Privacy laws may make it more difficult to provide information to RTI applicants, which could impair transparency and accountability
Penalties Clarification: lack of clarity on penalties favors the Data fiduciaries, and can hamper the implication in the near future.

Way Forward

Right Applicability: In the public interest, personal information should be protected and used solely for the purposes for which it was gathered.
Define the Purpose: Personal information should be secured and used only for the intended purposes in the public interest.
Adopting the best practice: Similar to the GDPR (General Data Protection Regime) adopted by the European Union, India must establish strict legislation.
People’s Awareness: Public awareness campaigns, privacy literacy initiatives, and collaboration with educational institutions can all be used to raise people’s awareness of their rights to privacy.

UPSC Related Topic
Core Sector Industries	Special Economic Zones in India	Government Imposes 30 Percent Tax on Proceeds of Digital Currency
How can India be a 5 trillion-dollar Economy	Inflation in India	LPG Reforms in India

Follow US
UPSC Govt Jobs UPSC Current Affairs UPSC Judiciary PCS Download Adda 247 App here to get the latest updates

FAQs

What is the Digital Personal Data Protection Bill, 2023?

The Digital Personal Data Protection Bill, 2023, is a proposed legislation by the Union Government aimed at safeguarding personal data of individuals in India in the digital realm. It addresses concerns related to data privacy and security and outlines regulations for the collection, processing, and transmission of personal data.

What are the key features of the bill?

The bill introduces the concepts of "data principal" (whose data is being processed) and "data fiduciaries" (who collect and determine data purposes). It emphasizes obtaining legitimate consent before collecting personal data and grants specific rights to data principals, such as obtaining information about data processing. It also establishes the Data Protection Board of India responsible for enforcing compliance and handling data breaches.

How will the bill impact citizens?

The bill will enhance citizens' privacy protection and provide them with more control over their personal data. Individuals will have the right to nominate representatives to act on their behalf in case of death or disability. However, certain challenges, such as exemptions to state agencies and lack of clarity on penalties, need to be addressed.