The Digital Personal Data Protection Bill,2023

Introduction:-                                                               

• As per details, the DPDP bill is legislation that frames out the rights and duties of the citizen (Digital Nagrik) on one hand and the obligations to use collected data lawfully of the data fiduciary on the other hand. The Bill, which seeks to govern and safeguard the use of personal data, sets out the rights and duties of users, and the obligations on businesses.

• It is based on six principles of the data economy of which the first one talks about the collection and usage of the personal data of citizens of India. 

• The next principle talks about data minimization which says that only relevant data should be collected of individuals and serving the pre-defined purpose should be the only aim. 

• The fourth principle is regarding Data Protection and Accountability while the fifth talks about the accuracy of data. The last principle lays down the rules regarding reporting a data breach. In case of a data breach, it should be reported in a fair, transparent, and equitable manner to the Data Protection Boards.

Brief:-

• The Digital Personal Data Protection Bill, 2023, has set in motion a transformation in India’s data privacy landscape. Among the pivotal alterations introduced is the concept of “deemed consent” and the reinforced right to withdraw 

Key Features :-

• Applicability:-  The Bill applies to the processing of digital personal data within India where such data is: (i) collected online, or (ii) collected offline and is digitised.  It will also apply to the processing of personal data outside India if it is for offering goods or services in India.

• Consent :-Personal data may be processed only for a lawful purpose after obtaining the consent of the individual.  A notice must be given before seeking consent.  The notice should contain details about the personal data to be collected and the purpose of processing.  Consent may be withdrawn at any point in time.

• Rights and duties of data principal:- An individual whose data is being processed (data principal), will have the right to: (i) obtain information about processing, (ii) seek correction and erasure of personal data, (iii) nominate another person to exercise rights in the event of death or incapacity, and (iv) grievance redressal.  Data principals will have certain duties

• Transfer of personal data outside India :-The Bill allows transfer of personal data outside India, except to countries restricted by the central government through notification.

• Penalities:-The schedule to the Bill specifies penalties for various offences such as up to: (i) Rs 200 crore for non-fulfilment of obligations for children, and (ii) Rs 250 crore for failure to take security measures to prevent data breaches.  Penalties will be imposed by the Board after conducting an inquiry.  

Importance:-

• Companies or data fiduciaries may process personal data only for the purpose for which the data has been voluntarily provided, unless using it has not been consented to.

• Organizations must tread carefully, aligning their data collection practices with the principles of fairness, transparency, and accountability.

• The Bill bolsters the right to withdraw consent empowering individuals to retract their agreement at any juncture.

• The Digital Personal Data Protection Bill, 2023, has set in motion a transformation in India’s data privacy landscape. Among the pivotal alterations introduced is the concept of “deemed consent” and the reinforced right to withdraw consent. 

• The Digital Personal Data Protection Bill (2022) introduced a novel concept termed “deemed consent,” In essence, this provision suggested that under specific circumstances, an individual’s silence or inaction can be considered as a form of consent.

Key points:-

• To give directions for remediating or mitigating data breaches;

• To inquire into data breaches and complaints and impose financial penalties;

• To refer complaints for Alternate Dispute Resolution and to accept Voluntary Undertakings from Data Fiduciaries; and

• To advise the Government to block the web

site, app etc. Of a Data Fiduciary who is found to repeatedly breach the provisions of the Bill.

Key issues and analysis:-

  • Exemptions to the State may have adverse implications for privacy
  • Personal data processing by the State has been given several exemptions under the Bill.  As per Article 12 of the Constitution, the State includes: (i) central government, (ii) state government, (iii) local bodies, and (iv) authorities and companies set up by the government.  There may be certain issues with such exemptions.
  • The Bill may enable unchecked data processing by the State, which may violate the right to privacy
  • The Supreme Court (2017) has held that any infringement of the right to privacy should be proportionate to the need for such interference.1  Exemptions for the State may lead to data collection, processing, and retention beyond what is necessary.  This may not be proportionate, and may violate the fundamental right to privacy.
  • The Bill empowers the central government to exempt processing by government agencies from any or all provisions, in the interest of aims such as the security of the state and maintenance of public order.   None of the rights of data principals and obligations of data fiduciaries (except data security) will apply in certain cases such as processing for prevention, investigation, and prosecution of offences.  

Conclusion :-

As the Digital Personal Data Protection Bill advances through the legislative process, organizations and employees must actively engage with its nuances to ensure seamless integration of these novel principles into the corporate and personal data landscape. The concept of consent for ‘legitimate use’ and strengthened consent withdrawal rights not only  procedures and enhanced transparency but also mandate a profound commitment to upholding data protection standards. From an employee standpoint, these provisions empower individuals with greater autonomy over their personal information, highlighting the urgency for organizations to foster an environment of trust and transparent dialogue.

Author : Sneha 

College : Bhagat Phool Singh Mahila Vishwavidylaya Sonipat

Leave a Reply

Your email address will not be published. Required fields are marked *