Decoding the Digital Personal Data Protection Bill 2023
Digital Personal Data Protection (DPDP) Bill with a voice vote, bringing India a step closer to its first law that enshrines how private or government entities can use or process citizens’ data. The opposition has expressed several concerns over the legislation and has been demanding that the bill be sent to a parliamentary panel for further deliberations. They alleged that the bill violated citizens’ Right to Privacy.
Here are some key insights into the bill.Main provisions:
Companies and businesses (data fiduciaries) cannot process the personal data of any user without his or her explicit consent. Companies which process such personal data must give exact details of the purpose for which the data is collected and delete it as and when this consent is withdrawn. The consent architecture provided in the bill is similar to other digital privacy provisions across the world. The bill has also moved to a ‘blacklisting’ approach for cross-border transfer and processing of personal data, meaning that the government would specify certain geographies where data cannot be processed.This approach is in contrast with the approach taken by other major data jurisdictions such as the European Union, where the approach is to identify and whitelist jurisdictions which follow and implement adequate legal standards for processing of data within their geographies. The bill suggests a penalty of up to Rs 250 crore per instance of data breach and a maximum penalty of Rs 500 crore for all such breaches. However, it does away with criminal penalties, including jail terms, envisioned under the older versions.
Read more on economictimes.indiatimes.com
