Government Approves Personal Data Protection Bill to be Presented in Monsoon Session of Parliament – Report
According to sources from CNBC Awaaz, the Union Cabinet, led by PM Narendra Modi, has approved the Personal Data Protection Bill. The bill will now proceed to the next stage of becoming a law, which involves its presentation in the Monsoon session of Parliament.
The data protection law is the same as the one unveiled by the BJP-led NDA government in November 2022, barring minor changes. The bill had been submitted for public consultation. The purpose of the bill is to protect individual privacy in the digital age.
Apar Gupta, founder and executive director of the Internet Freedom Foundation, has said in a column on the subject in the Indian Express that the privacy law is aimed at “extending state power that tilts against individual privacy”.
This comes after the Justice BN Srikrishna Committee-drafted Privacy Act 2018 faced criticism for being complex and placing a heavy onus on industry to localize data.
Personal data protection law approved by the Union government
“The new bill will ensure that consumers’ rights to data protection are enshrined as rights,” the Indian Express quoted Electronics and IT Minister Rajeev Chandrasekhar as saying.
With the exception of the personal data protection part, the draft law aims not to become an obstacle and slow down the economy with any kind of rules that disturb companies, such as in the 2018 draft law.
In December 2022, the Ministry of Electronics and IT issued a statement asking the public for feedback on the draft law as part of the government’s public consultation. At the time, the bill stated: “Currently, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011, made by the Central Government in exercise of its powers under the Information Technology Act 2000, set out the security practices and procedures to be followed by or on behalf of an entity that collects, receives, holds information, person storing, processing or processing must follow to protect users’ personal information These policies and procedures include requirements for that entity or person to publish a privacy policy on the website and disclosure of personal information, data or information, use collected information for the purpose for which it was collected, keep it secure and obtain permission from the supplier of the data in advance for the disclosure of personal data.”
The Personal Data Protection Act emphasizes
According to the PRS report, the following are the highlights of the Personal Data Protection Act:
- The bill deals with the processing of digital personal data in India, where the data is collected online or collected offline and digitized. It also applies to such processing outside India if it is for the purpose of providing goods or services or profiling individuals in India.
- Personal data can only be processed for a legal purpose to which the person has given his consent. Consent can be considered in certain cases.
- Data trustees are obliged to maintain the accuracy of the data, keep the data safe and delete the data when their purpose has been achieved.
- The bill gives individuals certain rights, including the right to access information, request rectification and erasure, and complaints.
- The State Council can exempt state agencies from the application of the provisions of the law for certain reasons, such as state security, public order and crime prevention.
- The central government sets up the Data Protection Board of India to deal with non-compliance with the provisions of the law.
