Securing Digital India: Lok Sabha Approves Digital Personal Data Protection Bill 2023
This law sets rules for companies that use and manage people's digital information. If companies misuse the data or break these rules, they might have to pay large fines, as much as Rs 250 crore.
Personal data processing plays a pivotal role in business operations and government services, allowing a better understanding of individual preferences. This, in turn, aids in tailored advertising and service recommendations. However, with the rise of advanced technologies such as Artificial Intelligence, concerns surrounding unchecked data processing and the potential breach of privacy rights have become more pronounced.
Until now, India primarily relied on the IT Act, 2000, for data protection regulations.
What is The Digital Personal Data Protection Bill 2023?
The Digital Personal Data Protection Bill 2023 aims to keep people's personal information safe and private. It creates a special group called the Data Protection Board (DPB) to handle problems with data being used wrongly and will be responsible for enforcing the law.
According to this new bill, every company will now choose a Data Protection Officer (DPO) - a go-to person for any data protection-related concerns, ensuring direct accountability.
The Bill empowers the central government to regulate the transfer of personal data outside India, ensuring that citizens' data remains protected even beyond Indian shores.
Key Features of the Bill Digital Personal Data Protection Bill 2023
- Firms dealing with user data must protect personal data even if it is stored with a third-party data processor
- In case of a data breach, companies must inform the Data Protection Board (DPB) and users
- Children’s data and data of physically disabled persons with guardians must be processed after consent from guardians
- Firms must appoint a Data Protection Officer, and provide such details to users
- The Centre retains the power to restrict the transfer of personal data to any country, or territory outside India
- Appeals against DPB decisions to be heard by the Telecom Disputes Settlement and Appellate Tribunal
- DPB may summon, and examine people under oath, inspect books, and documents of companies working with personal data
- DPB to decide on penalty after considering the nature and gravity of the breach, the type of personal data impacted
- DPB may advise the government to block access to an intermediary if DPDP Bill provisions are breached more than twice
- Penalties can go up to Rs 250 crore for a data breach, failure to protect personal data, or informing DPB and users of the breach.
What is the data protection laws in other countries?
According to UNCTAD, 71 percent of countries had put in place legislation to secure the protection of data and privacy. Africa and Asia show different levels of adoption with 61 and 57 percent of countries having adopted such legislation. India's Bill differs in several ways, including its approach to publicly available data, licensing of consent managers, and cross-border data transfer regulations
What’s Next?
With the Bill now approved by the Lok Sabha, it stands to revolutionize the way companies handle, process, and store digital data. The focus is not only on protection but also on ensuring transparency, accountability, and the upholding of digital rights.
This Bill marks a significant step in India's journey towards establishing itself as a nation that values and protects its digital assets. The coming months will undoubtedly see corporations gearing up to align themselves with these new directives. Stay tuned for more updates on how this unfolds in the Indian digital ecosystem.
The Digital Personal Data Protection Bill 2023 is a monumental step towards strengthening India's digital data protection framework. Laying down clear guidelines for companies and establishing mechanisms like the DPB and DPO, it paves the way for a safer, more transparent digital environment for all of India's netizens.