Cabinet approves draft of Digital Personal Data Protection Bill, to be tabled during Monsoon session of Parliament
Jul 05, 2023
New Delhi [India], July 5 : Union Cabinet has approved the draft of Digital Personal Data Protection (DPDP) Bill 2023.
According to official sources, the bill is likely to be tabled during the upcoming monsoon session of Parliament.
The Centre introduced the Personal Data Protection Bill 2019 in Parliament in December 2019. The Bill was sent for consideration to the Joint Committee of Parliament. The Joint Committee, after consultations, submitted a report to the Speaker. In view of the feedback by stakeholders and various agencies, the Bill was withdrawn in August 2022.
On November 18, 2022, the government published a new draft Bill, titled the Digital Personal Data Protection Bill 2022, and initiated a public consultation on this draft. A comprehensive and detailed consultation was held on this subject.
21,666 comments were received from the public and a series of consultations were held with 46 sector organisations, associations and industry bodies. Comments were also received from 38 ministries/ departments of the Government of India.
The reintroduced draft Digital Personal Data Protection Bill 2022 proposed six types of penalties on non-companies to companies. To prevent a personal data breach, a penalty of up to Rs 250 core is being proposed in the draft bill which was put out for public comments.
Besides, failure to notify the Board and affected Data Principals in the event of a personal data breach and non-fulfilment of additional obligations in relation to Children may attract a penalty of up to Rs 200 crore.
Non-fulfilment of additional obligations of Significant Data Fiduciary under sections 11 and 16 of the Act may attract Rs 150 crore and Rs 10 crore fines, respectively.
Lastly, non-compliance with provisions of this Act other than those listed in (1) to (5) and any rule made thereunder will attract penalties up to Rs 50 crore.
Points that emerged in the course of consultations and comments were thoroughly studied and the draft Digital Personal Data Protection Bill 2023 was finalised.
The purpose of this Act, the draft said, is to provide for the processing of digital personal data in a manner that recognizes both the right of individuals to protect their personal data and the need to process personal data for lawful purposes.
During the drafting of the Personal Data Protection Bill in 2019, the government said that the entire gamut of principles was widely debated and discussed. These include the rights of individuals, duties of entities processing personal data and regulatory framework, among others.
The first principle of the proposed Bill is that usage of personal data by organisations must be done in a manner that is lawful, fair to the individuals concerned and transparent.
The second principle of purpose limitation is that the personal data is used for the purposes for which it was collected. The third principle of data minimisation is that only those items of personal data required for attaining a specific purpose must be collected.
Among others, personal data should be limited to such duration as is necessary for the stated purpose for which personal data was collected and reasonable safeguards to ensure that there is no unauthorised collection or processing of personal data are some features.