The Digital Personal Data Protection Bill, 2023

Introduction:-

• The DPDP Bill is legislation that sets out the rights and duties of the citizen (Digital Nagrik) on the one hand and, on the other, the obligation of the data fiduciary to use collected data lawfully. The Bill, which seeks to govern and safeguard the use of personal data, sets out the rights and duties of users, and the obligations on businesses.

• It is based on six principles of the data economy, the first of which concerns the collection and usage of the personal data of citizens of India.

• The next principle concerns data minimization: only relevant data about individuals should be collected, and serving the pre-defined purpose should be the only aim.

• The fourth principle is regarding Data Protection and Accountability while the fifth talks about the accuracy of data. The last principle lays down the rules regarding reporting a data breach. In case of a data breach, it should be reported in a fair, transparent, and equitable manner to the Data Protection Boards.

Brief:-

• The Digital Personal Data Protection Bill, 2023, has set in motion a transformation in India’s data privacy landscape. Among the pivotal alterations introduced is the concept of “deemed consent” and the reinforced right to withdraw consent.

Key Features:-

• Applicability:- The Bill applies to the processing of digital personal data within India where such data is: (i) collected online, or (ii) collected offline and is digitised. It will also apply to the processing of personal data outside India if it is for offering goods or services in India.

• Consent:- Personal data may be processed only for a lawful purpose after obtaining the consent of the individual. A notice must be given before seeking consent. The notice should contain details about the personal data to be collected and the purpose of processing. Consent may be withdrawn at any point in time.

• Rights and duties of data principal:- An individual whose data is being processed (data principal) will have the right to: (i) obtain information about processing, (ii) seek correction and erasure of personal data, (iii) nominate another person to exercise rights in the event of death or incapacity, and (iv) grievance redressal. Data principals will have certain duties.

• Transfer of personal data outside India:- The Bill allows transfer of personal data outside India, except to countries restricted by the central government through notification.

• Penalties:- The schedule to the Bill specifies penalties for various offences such as up to: (i) Rs 200 crore for non-fulfilment of obligations for children, and (ii) Rs 250 crore for failure to take security measures to prevent data breaches. Penalties will be imposed by the Board after conducting an inquiry.

Importance:-

• Companies or data fiduciaries may process personal data only for the purpose for which the data has been voluntarily provided, unless its use has not been consented to.

• Organizations must tread carefully, aligning their data collection practices with the principles of fairness, transparency, and accountability.

• The Bill bolsters the right to withdraw consent, empowering individuals to retract their agreement at any juncture.

• The Digital Personal Data Protection Bill, 2023, has set in motion a transformation in India’s data privacy landscape. Among the pivotal alterations introduced is the concept of “deemed consent” and the reinforced right to withdraw consent. 

• The Digital Personal Data Protection Bill (2022) introduced a novel concept termed “deemed consent.” In essence, this provision suggested that under specific circumstances, an individual’s silence or inaction can be considered as a form of consent.

Key points:-

• To give directions for remediating or mitigating data breaches;

• To inquire into data breaches and complaints and impose financial penalties;

• To refer complaints for Alternate Dispute Resolution and to accept Voluntary Undertakings from Data Fiduciaries; and

• To advise the Government to block the website, app etc. of a Data Fiduciary who is found to repeatedly breach the provisions of the Bill.

Key issues and analysis:-

Conclusion:-

As the Digital Personal Data Protection Bill advances through the legislative process, organizations and employees must actively engage with its nuances to ensure seamless integration of these novel principles into the corporate and personal data landscape. The concept of consent for ‘legitimate use’ and strengthened consent withdrawal rights not only  procedures and enhanced transparency but also mandate a profound commitment to upholding data protection standards. From an employee standpoint, these provisions empower individuals with greater autonomy over their personal information, highlighting the urgency for organizations to foster an environment of trust and transparent dialogue.

Author: Sneha

College: Bhagat Phool Singh Mahila Vishwavidyalaya, Sonipat
