The Parliamentary Standing Committee on Communications and Information Technology adopted a report on the digital personal data protection bill. (Pexels)

Parliamentary Panel Adopts Personal Data Protection Bill – Learn About Its Features

The Parliamentary Standing Committee on Communications and Information Technology, led by MP Prataprao Jadhav, has approved a report on the Digital Personal Data Protection Bill (DPDP or PDP) on Wednesday, July 27. This follows the clearance of the draft of the 2023 version of the bill by the Union cabinet, headed by PM Narendra Modi, on July 5. The bill has not yet been presented in Parliament. Its main objective is to protect personal data and enhance data security in India. Now, let’s examine its key features.

Digital Personal Data Protection Act: Features

The bill proposes a huge administrative area to enable the processing of digital personal data in India when such data is collected online or collected offline and digitized. It also applies to such processing outside India if it is for the purpose of providing goods or services or profiling individuals in India, according to the PRS report.

A lot of attention has been paid to the right to privacy, and the emphasis is on the individual’s consent to the collection, storage and processing of information. Companies, Internet companies, mobile applications and all entities that store or have access to personal data would be required to obtain consent. Violation of the rule can result in a hefty fine. 250 crore per case with a maximum of Rs. 500 million.

The 2023 version of the Bill proposes the creation of a Data Protection Board (DPB) of India. This board is given legislative powers as well as enforcement and judgment responsibilities in all matters related to the security of personal data.

The bill exempts government bodies from data protection regulations, meaning they can process individuals’ personal data without their consent. However, this only applies for “just and reasonable” reasons and matters of public interest.

The bill also introduces a new entity, the Significant Data Fiduciary (SDF), which has increased responsibility for compliance with all data security regulations, must appoint independent data protection audits, conduct regular data protection impact assessments, appoint a data protection officer and perform high-level supervision.