bill in parliament that authorities say is needed to better regulate the activities of big tech firms in the world's most populous country. The bill is meant to limit cross-border transfers of data, penalise companies for data breaches, and provide a framework for setting up a data protection authority to ensure compliance.
A date for enactment has not been announced. Privacy experts say the proposed law fails to adequately safeguard the personal data of the nation's 1.4 billion citizens, and gives the government too much power.
What is the bill about, and why has it drawn so much criticism?WHAT DOES THE DATA PROTECTION BILL DO? The Digital Personal Data Protection Bill, 2023 aims to «provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes,» the ministry of information technology said. Companies and institutions can be penalised for non-compliance, and for failing to take reasonable measures to prevent data breaches.
They will also be required to stop retaining user data if it no longer serves the business purpose for which it was collected. No company or organisation will be allowed to process personal data that is likely to cause «any detrimental effect» on the well-being of a child.
Government agencies may be exempted from the law on the grounds of national security.WHY WAS IT DELAYED? At least three different iterations of the bill were shelved, with privacy experts objecting to exemptions granted to government agencies, and dilution of the power of the data protection authority. An earlier draft had also raised concerns among Big Tech firms that it would increase their
. Read more on economictimes.indiatimes.com