Digital Personal Data Protection Bill?

Digital Personal Data Protection Bill, 2022 in India ?
Digital Personal Data Protection Bill, 2022 in India ?

Digital Personal Data Protection Bill, 2022 in India ?

Why in conversation?

The digital personal data protection bill 2022, a revised version of the Personal Data Protection Bill, has been published by the Central Government. digital personal data protection bill in india.

Fundamentals of the digital personal data protection bill 2022 :-

1. First, particular data must be used by associations in a way that’s legal, fair and transparent to the individualists concerned.

2. Alternate, particular data must be used only for the purpose for which it was collected.

3. The third principle addresses about data reduction.

4. The fourth principle emphasizes data delicacy when it comes to storehouse.

5. The fifth principle states that how particular data is collected” can not be permanently stored by dereliction” and that storehouse must be limited to a certain period of time.

6. The sixth principle countries that there should be applicable safeguards to insure that” no unauthorized collection or processing of particular data takes place”.

7. The seventh principle countries that” the person who decides the purposes and means of processing particular data must be responsible for similar processing”.

Key Points of the digital personal data protection bill india:-

digital personal data protection bill india, digital personal data protection bill 2022: Personal Data Protection Bill.

Data star and Data Trustee :-
  • Data star refers to the individual whose data is being collected.
  • In case of children (<18 years), their parents/legal guardians will be considered as their “Data Principal”.
  • The data fiduciary is the entity (individual, company, firm, state, etc.) that decides the “purposes and means of processing personal data of an individual”.
  • Personal data is “any data by which an individual can be identified”.
  • Processing means the “cycle of operations” carried out in relation to personal data.
Important Data Trustees:-

Significant data fiduciaries are those who deal with high volumes of personal data. The central government will define who is to be nominated under this category based on several factors.
Such entities will have to appoint a ‘Data Protection Officer’ and an independent data auditor.

Individuals are required to consent before their data is processed and “each individual should be aware of what items of personal data a data fiduciary wishes to collect and the purpose of such collection and further processing” “.
Individuals also have the right to withdraw consent from the data fiduciary.

(ii) Right to destroy:

The data principal shall have the right to demand erasure and rectification of the data collected by the data fiduciary.

(iii) Right to Nominate:

The Data Principal shall also have the right to nominate a person who shall exercise these rights in the event of his death or incapacitation.

(iv) Data Protection Board:

The Bill also proposes to constitute a Data Protection Board to ensure compliance of the Bill.
In case of unsatisfactory response from the data fiduciary, the consumer can file a complaint with the Data Protection Board.

(v) Cross Border Data Transfer:

The Bill allows for cross-border storage and transfer of data to “certain notified countries and territories” provided they have an appropriate data protection landscape and the government can access Indians’ data from there.

(vi) Financial Penalties:
  •  For Data Fiduciary: The bill proposes to impose penalties on businesses that go through with data breaches or fail to notify users when a breach occurs.
    The fine will be imposed from Rs 50 crore to Rs 500 crore.
  • For Data Principal: If a user submits false documents or files a frivolous complaint while signing up for the online service, the user may be fined up to Rs 10,000.
Reduction :-

1) The government may exempt certain businesses from complying with the provisions of the Bill depending on the number of users and the amount of personal data processed by the entity.

This has been done keeping in mind the country’s startups who complained that the Personal Data Protection Bill, 2019 was too “compliance intensive”.

2) The exemption relating to national security, similar to the previous (2019) edition, has been retained.

The Center is empowered to exempt its agencies from complying with the provisions of the Bill in the interest of the sovereignty and integrity of India, the security of the State, friendly relations with foreign states, the maintenance of public order or the prevention of any cognizable offense.

Importance of digital personal data protection bill 2022 india:

  • The new bill makes significant concessions on cross-border data flows, moving away from the previous bill’s controversial requirement of local storage of data in India.
  • It offers a relatively lenient stance on data localization requirements and allows data transfer to select global destinations, which is likely to promote country-to-country trade agreements.
  • The Bill recognizes the postmortem privacy (withdrawal of consent) right of the data principal which was not there in the PDP Bill, 2019 but was recommended by the Joint Parliamentary Committee (JPC).

Data protection laws in other countries:

(i) EU Model:-

The General Data Protection Regulation focuses on comprehensive data protection law for the processing of personal data.

In the European Union, the right to privacy is enshrined as a fundamental right aimed at protecting the dignity of an individual and his or her right to the data generated by him.

(ii) United Nations Model:

There is no overarching regulation of privacy rights or principles in the US like the EU’s GDPR, which regulates the use, collection and disclosure of data.

Instead it is limited sector-specific regulation. The approach to data security is different for the public and private sectors.

Personal information and government activities and powers are well defined and informed through comprehensive legislation such as the Privacy Act, the Electronic Communications Privacy Act.

There are some sector specific criteria for the private sector.

(iii) China model:-

New Chinese laws related to data privacy and security issued in the past 12 months include the Personal Information Protection Law (PIPL) which came into force in November 2021.
It gives new powers to Chinese data regulators to prevent misuse of personal data.
The Data Protection Law (DSL), which came into force in September 2021, requires business data to be classified based on their levels of importance. DSL imposes new restrictions on cross-border transfers.

Thank You

Be the first to comment

Leave a Reply

Your email address will not be published.