The Indian Lok Sabha, our national legislative body, has recently approved the Digital Data Protection Bill 2023. Mr Ashwini Vaishnaw presented this bill on August 3, who is the Union Communications, Electronics, and Information Technology Minister of India. This is an important step taken in this digital era to regulate how private or government organisations use the data of any individual.
Key Highlights of Digital Personal Data Protection Bill, 2023
- The Digital Data Protection Bill 2023 gets approval in the Lok Sabha- a big step for safeguarding every citizen’s personal data.
- The digital personal data protection bill, 2023, is aimed to keep the personal data of every citizen safe; be it online or offline.
- The company or business that uses your data must share the reasons for which it is collected and later also delete it after withdrawing the consent.
- In case of a breach by any company, the fine ranges from Rs 50 crore to Rs 250 crore.
- Regarding kids and people, the data can only be used if their guardians agree.
- The government can decide if our data goes outside India, making sure it stays secure.
The Objective of the Digital Personal Data Protection Bill
The main purpose of the introduction of the Digital Personal Data Protection Bill, of 2023, is to develop a strong foundation and framework for the safety of personal data. This framework applies to data collected within India, whether it’s gathered online or offline. This aims to ensure that personal information is handled responsibly and with proper security measures.
Scope of Jurisdiction under Digital Personal Data Protection Bill, 2023
The Digital Data Protection Bill’s jurisdiction covers personal data collected within India, whether it’s in its original form or has been converted into digital format. Additionally, even if data processing takes place outside of India but involves providing goods or services to individuals within the country, the bill’s regulations will still be applicable.
Entities and Their Responsibilities
This legislation of the Digital Personal Data Protection Bill covers the entities (both public and private) that handle and process digital data. It emphasises the rights of individuals within India and ensures that their personal data is treated with the necessary care.
Penalties for Breaches
The DPB- Data Protection Board will determine penalties based on the seriousness of the breach.
As per the digital personal data protection bill, 2023, in case of a breach of the terms. The fines can reach up to Rs 250 crore for the following:
- Instances of data breaches
- Failure to protect personal data or failure to inform the DPB and affected users about a breach.
In essence, the Digital Data Protection Bill 2023 aims to safeguard our personal data in the ever-expanding digital age, where we, the citizens, have started relying upon the use of digital platforms for every work. This includes banking, trading, shopping, etc.
Data Security and Third Parties
Any business organisations, whether public or private, that deal with user data are obligated to ensure the security and protection of personal data. This responsibility remains even if the data is stored with third-party processors.
Data Breach and Notifications
In case a data breach occurs, companies and businesses shall be required to instantly inform the Data Protection Board (DPB) and the affected users. This step is crucial in maintaining transparency and addressing potential security concerns.
Protection for Minors and Guardians
When dealing with data related to minors or individuals under guardianship, explicit consent from the guardians is mandatory. This additional layer of protection ensures that vulnerable individuals are safeguarded.
Data Protection Officer Appointment
Businesses and organisations are expected to appoint a Data Protection Officer (DPO) and provide their contact information to users. This ensures a point of contact for addressing data-related concerns.
Control Over Data Transfer
The digital personal data protection bill grants authority to the central government to oversee the transfer of personal data to foreign countries or territories beyond India. This measure safeguards the data’s integrity and security.
Appeals Mechanism and DPB Authority
In cases of disagreements or concerns, the bill establishes an appeals mechanism through the Telecom Disputes Settlement and Appellate Tribunal. The DPB holds the power to summon individuals, examine them under oath, inspect company documents related to personal data, and recommend actions against repeated breaches.
How This Affects You and Businesses
As the country is moving swiftly towards digitalisation for every task, data protection is the need of the hour. The recent approval by Lok Sabha is surely a step towards the protection of every citizen’s personal data and ensuring their protection against any fraud or exploitation.
For instance, the digital personal data protection bill 2023 might bring some unexpected compliance expenses for Indian startups, affecting their budgets.
The digital data bill is strict in the case of minors; any processing of the data would need parental consent, though with a few exceptions.
Also, tracking and monitoring kids’ online activities won’t be allowed, except for specific cases.
Disclaimer: Investments in the securities market are subject to market risks; read all the related documents carefully before investing.