India Passes New Digital Personal Data Protection Bill (DPDPB), Prioritizing User Privacy


Marking a new era in India’s digital landscape, Indian President Droupadi Murmu accorded her assent to the Digital Personal Data Protection Bill (DPDPB) on Friday. With the exponential growth of digital services and the increasing concern over data breaches and privacy violations, this bill aims to provide comprehensive protection to users’ personal data while also fostering an environment conducive to innovation and economic growth.

The long-awaited data protection law comes months after the Ministry of Electronics and Information Technology (MeitY) released an initial draft in November 2022. This development follows a meticulous five-year process, beginning with the initial draft release in July 2018. Notably, India’s Supreme Court had underscored the fundamental right to privacy a year earlier.

The legislative framework, applicable to online personal data both inside and outside India, mandates that data be processed solely for legitimate reasons and with the individual’s consent. Additionally, the legislation stipulates that only essential information required for the defined purpose should be retained.

What’s the Need for Data Protection?

In an era where digital interactions are integral to daily life, the potential for misuse and exploitation of personal data has become a pressing concern. The DPDPB tackles this issue by creating a legal structure that oversees the gathering, handling, and retention of personal data by both governmental and private entities.

The Indian government stated that the legislation outlines procedures for handling digital personal data, acknowledging the importance of respecting individuals’ rights to safeguard their personal information while also recognizing the lawful processing of such data for relevant purposes and related matters.

The Digital Personal Data Protection Bill introduces several key provisions that prioritize users’ privacy and grant them greater control over their personal information.

Key Highlights of the DPDPB

Consent and Control: One of the fundamental pillars of the DPDPB is the emphasis on user consent. Organizations collecting and processing personal data must obtain explicit and informed consent from individuals, ensuring that users have a clear understanding of how their data will be used.

Data Localization: The bill introduces provisions for data localization, requiring companies to store sensitive personal data within Indian borders. This measure aims to enhance data security and prevent unauthorized access from foreign entities.

Sensitive Data Protection: The DPDPB recognizes certain categories of data as sensitive, such as financial information, health records, and biometric data. Special safeguards are established for the processing of such data to prevent potential misuse.

User Rights and Redressal: The bill grants users a range of rights, including the right to access their data, correct inaccuracies, and even the right to be forgotten. Additionally, a robust mechanism for addressing grievances and seeking redressal in case of data breaches or misuse is established.

Accountability and Penalties: Organizations are held accountable for data protection through stringent compliance measures. Non-compliance can result in substantial fines and penalties, ensuring that entities handling personal data prioritize the security and privacy of their users.

Transparency and Accountability: The DPDPB mandates transparency in data processing practices. Companies are required to provide clear and concise privacy policies, detailing how data is collected, processed, and shared. This transparency fosters trust between users and organizations.

Regulatory Oversight: To oversee the implementation of the DPDPB, an independent regulatory body is established. This body is tasked with monitoring compliance, investigating violations, and promoting a culture of data protection.

Implications and Significance

The passing of the Digital Personal Data Protection Bill marks a significant turning point in India’s approach to data privacy. By enshrining user privacy as a fundamental right, the bill aligns with global trends towards enhanced data protection. This move is expected to bolster user confidence, encourage foreign investment, and promote the growth of the digital economy.

The DPDP Act mandates the formation of a Data Protection Board (DPB) consisting of government-appointed members. This board is tasked with evaluating complaints, probing data breaches, and imposing penalties based on factors such as the seriousness, duration, and frequency of the occurrences.

If a citizen’s data is breached, all they must do is visit the website and furnish the Data Protection Board with pertinent information. Subsequently, an inquiry will be initiated by the board, leading to the imposition of penalties on the platforms responsible, as stated by IT minister Rajeev Chandrasekhar.

Entities that mishandle or neglect to secure individuals’ digital data or neglect to inform the DPB about a breach could encounter financial penalties reaching as high as ₹250 crore ($30.1 million). Appeals against the board’s decisions can be presented for assessment to the Telecom Disputes Settlement and Appellate Tribunal within a 60-day timeframe.

Furthermore, the DPDPB’s provisions for data localization and stringent accountability mechanisms contribute to safeguarding national security and protecting citizens’ personal information from potential breaches and cyber threats. This legislation also positions India as a responsible and proactive participant in the global conversation surrounding data protection and privacy.

Conclusion

As India embarks on this transformative journey towards safeguarding digital personal data, the passage of the Digital Personal Data Protection Bill represents a monumental step in the right direction. By placing users’ privacy at the forefront and introducing a comprehensive framework for data protection, the DPDPB lays the foundation for a more secure, accountable, and transparent digital ecosystem. This legislation not only empowers individuals with greater control over their personal information but also reinforces India’s commitment to fostering a digital environment that values and upholds the privacy rights of its citizens.
