Lagatar24 Desk
New Delhi, August 7: Despite interruptions from the opposition over the Manipur issue, the Lok Sabha passed the Digital Personal Data Protection Bill.
The Digital Personal Data Protection Bill, 2023 aims to “provide for the processing of digital personal data in a manner that recognizes both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes,” the Ministry of Information Technology said.
Companies and institutions that violate regulations or fail to take reasonable precautions to avoid data breaches may face penalties. Additionally, if the business reason for which the user data was obtained no longer applies, they must stop keeping it.
“Data protection bill once enacted will enhance the privacy cognizance of Indian citizens by empowering them with their privacy rights through transformative accountability measures to be adopted by enterprises. Driving robust protection and security measures, combined with effective privacy policies and grievance redressal are the layered requisites towards its compliance,” said Hemant Krishna, Partner, Shardul Amarchand Mangaldas &Co.
“Data is the currency of the digital age and processing of personal data is the pivot around which today’s digital economies revolve. Now, with the strides made by AI, personal data can be processed with unprecedented velocity and sophistication. Ironically, despite the volume and variety of personal data in India, due to the absence of a proper privacy framework, citizens have not had sufficient control over their data and businesses have struggled to find legitimate ways to collect and process personal data. That is all set to change when the DPDP Bill becomes law. This law when enacted will touch the lives of more Indian citizens and businesses than any other in recent times,” said Manish Sehgal, Partner, Risk Advisory, Deloitte India.
No company or organisation will be permitted to handle private data that could have “any detrimental effect” on a child’s well-being.
Compared to the proposal made in the draft DPDP that was made available for public consultation in November 2022, the bill has loosened the norms for penalties.
“If the board determines on conclusion of an inquiry that breach of the provisions of this Act or the rules made thereunder by a person is significant, it may, after giving person an opportunity of being heard, impose such monetary penalty specified in the schedule,” the bill said.
A fine of up to 250 crore rupees and a minimum of 50 crore rupees may be imposed on an offending organization, according to the schedule.
“No suit, prosecution or other legal proceedings shall lie against the central government, the board, its chairperson and any member, officer or employee thereof for anything which is done or intended to be done in good faith under the provisions of this Act or the rules made thereunder,” the bill said.
The Centre may restrict access to data in the interest of the general public after receiving a written request from the board in accordance with the bill’s provisions.
Rajeev Chandrasekhar, Minister of State for Electronics and IT, stated that after the bill is approved by Parliament, it will safeguard all citizens’ rights, enable the growth of the innovation economy and allow the government lawful and authorized access in cases of national security, such as pandemics, earthquakes and other emergencies.
“It will take a lot of the concerns and lot of misuse and exploitation that is done by many of these (online) platforms. Puts a break on that once and for all. This is certainly a legislation that will create deep lasting behaviourial change and create high punitive consequences for any or all platforms that misuse or exploit personal data of any Indian citizen,” Chandrasekhar said.
