Pre-cum-Mains GS Foundation Program for UPSC 2026 | Starting from 14th Nov. 2024 Click Here for more information
Source: The post is based on the article “Amid row, Data Protection Bill tabled” published in The Hindu on 4th August 2023
What is the News?
Digital Personal Data Protection Bill, 2023 has been introduced in the Lok Sabha. The Bill seeks to provide for the protection of personal data and the privacy of individuals.
What are the key provisions of the Digital Personal Data Protection Bill, 2023?
Applicability: The bill will apply to processing of digital personal data within India and to data processing outside the country if it is done for offering goods or services, or for profiling individuals in India.
Obligations of data principals: Companies are required to protect digital data taken from individuals (the former termed ‘data fiduciaries’ and the latter ‘data principals’) by clearly mentioning to them what data are being collected and what they are being used for, appointing and giving contact information of a data protection officer and giving users the right to delete or modify their personal data.
Data protection board: It proposes to set up a data protection board that will adjudicate on matters related to violations of the provisions including data breaches. The Union government will notify the appointment of its members.
The Bill strikes off Section 43A of the Information Technology Act, 2000 that requires companies which mishandle user data to compensate users.
Data Localisation: The Bill permits relaxed data localisation requirements and permits cross-border data flow to certain countries and territories as may be notified by the central government.
Exemptions: The Bill provides a wide range of exemptions for the “state and its instrumentalities”. For instance, personal data can be processed “in the interest of sovereignty and integrity of India or security of the state” for “fulfilling any obligation under law”.
Fines: The bill proposes fines ranging from ₹50 crore to ₹250 crore for companies that fail to protect user data or default on disclosure requirements. These fines can be compounded, that is separate fines can be imposed on the same data fiduciary for each violation.
