Digital Personal Data Protection Bill, 2023 taken up for consideration in Lok Sabha
Aug 07, 2023
New Delhi [India], August 8 : The Digital Personal Data Protection Bill, 2023 was taken up for consideration and passage in the Lok Sabha on Monday.
Speaking on the floor of Lok Sabha, Union Telecom and IT Minister Ashwini Vaishnaw said, “The world today is discussing and praising the government’s Digital India initiative. Many countries want to implement some of these — UPI, Aadhaar — in their respective countries.”
“Villages and rural areas are driving India's digital journey. The Bill has been introduced to give rights, provide security and privacy to the people. This Bill has been introduced after having it discussed in a series of Parliamentary committee meetings,” he added.
The Digital Personal Data Protection Bill frames the rights and duties of the citizen (Digital Nagrik) on one hand and the obligations to use collected data lawfully of the Data Fiduciary on the other hand. The bill is based on the following principles around the Data Economy.
In the Monsoon Session of Parliament on August 3, 2022, the Union government had withdrawn the Data Protection Bill with the aim of bringing a comprehensive legislation.
Vaishnaw had said that the joint parliamentary committee, which went through the original draft, suggested 88 amendments to a bill of 91 sections, which led the government to decide that there was "no option" but to withdraw the original Bill completely.
In November, the government brought another draft of the Digital Data Protection Bill and put it for public consultation.
The focus of the Bill is to protect internet users from online harm and create a safe and trusted digital ecosystem as India is a digital economy powerhouse today.
The reintroduced draft Digital Personal Data Protection Bill, 2022, proposes six types of penalties on non-companies to companies. To prevent a personal data breach, a penalty of up to Rs 250 core was being proposed in the draft bill.
Besides, failure to notify the Board and affected Data Principals in the event of a personal data breach and non-fulfilment of additional obligations in relation to Children may attract Rs penalty up to Rs 200 crore.
Non-fulfilment of additional obligations of Significant Data Fiduciary under the sections 11 and 16 of the Act may attract Rs 150 crore and Rs 10 crore fines, respectively.
Further, non-compliance with provisions of this Act other than those listed in (1) to (5) and any rule made thereunder will attract penalties up to Rs 50 crore.
Regarding the transfer of personal data outside India, the Bill says the central government may, after an assessment of such factors as it may consider necessary, notify such countries or territories outside India to which a Data Fiduciary may transfer personal data, in accordance with such terms and conditions as may be specified.
In a major exemption, the central government may, by notification, exempt from the application of provisions of this Act, the processing of personal data by any instrumentality of the State in the interests of sovereignty and integrity of India, security of the State, friendly relations with foreign States, maintenance of public order or preventing incitement to any cognizable offence.
During the drafting of the Personal Data Protection Bill, 2019, the Centre said the entire gamut of principles was widely debated and discussed. These include rights of individuals, duties of entities processing personal data and regulatory framework, among others.