News
NEW
India's data protection bill to provide safe internet to its 1.2B consumers
India's data protection bill to provide safe internet to its 1.2B consumers

Published June 2, 2023
by Vivek Yadav

min read

Summary

    In a recent interview, the minister of state for IT and electronics, Rajeev Chandrasekhar, expressed hope that India's Digital Personal Data Protection (DPDP) bill will come up in the Monsoon session of Parliament, held from July to September. 

    The bill aims to establish guidelines for processing digital personal data in a way that respects both the need to process personal data for legitimate purposes and the right of India's 1.2 billion consumers to have their data protected.

    "I have absolutely no doubt that the DPDP Bill will create deep behavioural changes among platforms in India who have for long exploited and misused personal data"

    - Rajeev Chandrasekhar, India Minister of State for IT and Electronics (Source: The Economic Times)

    India currently enforces the Information Technology Act, 2000 (IT Act), and the Indian Contract Act, 1872, to protect data since no proper data protection law exists.

    Following the withdrawal of the proposed Personal Data Protection Bill 2019 in August 2022, the Ministry of Electronics and Information Technology (MeitY) published a draft for the Digital Personal Data Protection Bill, 2022 (DPDPB) on November 18, 2022, for public comment. 

    More than 20,000 suggestions for modifications have been received. Some businesses that had expressed concerns about the joint parliamentary committee's recommendations on the proposed measure included Meta, Google, and Amazon.

    The new bill showcases the rights and duties of the “Digital Nagrik” (Digital Citizen) and the law to collect data. This law incorporates best practices from nations such as Singapore, Australia, and the European Union. A focus on lawfulness, fairness, and transparency of the process, as well as minimization of data, accuracy, and storage limits.

    The DPDP is still in the legislation phase, so changes are possible, but here are some of the key points from the current draft:

    1. Data Localization: The bill requires personal data to be stored and processed within India, with some exceptions. Sensitive personal data may have additional localization requirements.

    2. Consent: The bill emphasizes obtaining informed and explicit consent from individuals for data processing.

    3. Data Rights: Individuals are granted specific rights over their personal data, including the right to access, correct, and erase their data. They can also withdraw consent and restrict the processing of their data under certain circumstances. 

    4. Data Protection Authority: The bill proposes the establishment of a Data Protection Board of India (DPA) to oversee and regulate data protection activities. The DPA will have powers to enforce compliance, conduct audits, and impose penalties for violations. 

    5. Cross-Border Data Transfers: The bill includes provisions for transferring personal data outside India, subject to specific conditions and data protection safeguards.

    6. Accountability and Security Measures: Organizations are required to implement appropriate security measures to protect personal data. They must also conduct data protection impact assessments and maintain records of data processing activities.

    Although inspired by existing laws such as Europe's General Data Protection Regulation, the Bill has its unique outlook. Asked about the recent record-breaking fine received by Meta in the US, Rajeev Chandrasekhar commented:

    "I don't think we are in the business of competing with the EU in terms of the size of the penalty, but the formulation of penalties in this Bill is sufficient to incentivise every data fiduciary or any platform to behave correctly, to follow the law, and do the right thing,"

    - Rajeev Chandrasekhar, India Minister of State for IT and Electronics (Source: The Economic Times)

    What are your thoughts on India's Digital Personal Data Protection Bill? Join the conversation in our Yes We Trust community, a free discussion group for data privacy professionals and enthusiasts, on LinkedIn:

    Continue the conversation in the Yes We Trust community

    Related Articles
    Our freshest data privacy content for you
    • News

    India’s Digital Personal Data Protection Bill 2023 soon to become law | Yes We Trust

    August 10, 2023 by Jivika Lillaney

    India’s Digital Personal Data Protection Bill 2023 soon to become law

    Read Article

    • News

    Indiana, Montana, and Tennessee pass consumer privacy bills | Yes We Trust

    May 5, 2023 by Yes We Trust

    Yes we Trust - Consumer privacy bills in IN, MT and TN

    Read Article

    • News

    Tech giants seek 12-18 months extension for data compliance in India│Yes We Trust

    November 6, 2023 by Jivika Lillaney

    Tech giants seek 12-18 months extension for data compliance in India

    Read Article

    • News

    UK Government proposes amendments to Data Protection and Digital Information Bill │Yes We Trust

    December 4, 2023 by Jivika Lillaney

    UK Government proposes forward-thinking amendments to Data Protection and Digital Information Bill

    Read Article

    • News

    Google expands its AI-powered search to India and Japan│Yes We Trust

    September 11, 2023 by Jivika Lillaney

    Google expands its AI-powered search to India and Japan

    Read Article

    • News

    FTC suggests enhancing Children’s Online Privacy Protection Rule │Yes We Trust

    December 22, 2023 by Jivika Lillaney

    FTC suggests enhancing Children’s Online Privacy Protection Rule

    Read Article