The Digital Personal Data Protection Bill 2023 is a significant step towards preserving individual privacy rights and fostering ethical data management practices in today’s quick-paced digital environment. This ground-breaking law recognizes the ever-increasing importance of protecting personal data and seeks to strike a careful balance between individual liberties and a company’s lawful data-processing requirements.
The Bill’s main goal is to control how digital personal data is processed while respecting people’s right to privacy and understanding the necessity of processing and using such data for legitimate purposes. The Bill’s wording is clear and concise, ensuring that everyone can understand it.
Salient Features Of Digital Personal Data Protection Bill 2023
As the name suggests Digital Personal Data Protection Bill is incorporated to protect digital personal data (which refers to the data by which a person is identified). This bill includes the following:
- The obligations of Data Fiduciaries ( referring to the individuals, organizations, and government bodies or entities who process data) for data processing (referring to the collection, storage, or any other operation on personal data)
- The rights and duties of Data Principles (that is, the person to whom the data relates); and
- Financial penalties for violation of rights, duties, and obligations.
Objectives Of Digital Personal Data Protection Bill 2023
The Digital Personal Data Protection Bill 2023 also intends to achieve the following objectives:
- Launch the data protection law with the least disruption or interference while ensuring the necessary change in the way Data Fiduciaries process data,
- Improve The Ease Of Living & Ease Of Doing Business and
- Boost the nation’s digital economy and its innovation ecosystem.
7 Principles Incorporated In Digital Personal Data Protection Bill 2023
- The Principle Of transparent, lawful, and consented use of personal data.
- The principle of purpose limitation means the use of personal data only for the purpose specified during the time of obtaining the consent of the Data Principal).
- The principle of data minimization (collection of personal data only as much as is necessary to serve the specified purpose.)
- The principle of data accuracy (ensuring data is updated and correct).
- The principle of storage limitation (storing data only till it is required for the specified purpose and nothing more).
- The principle of reasonable security safeguards
- The principle of accountability (through the resolution of data breaches, violations of Bill provisions, and implementation of fines for violations).
Innovative Features Of Digital Personal Data Protection Bill 2023
The Digital Personal Data Protection Bill 2023 also includes these innovative features:
The Bill is concise & SARAL i.e Simple, Accessible, Rational & Actionable Law as it has:
- plain language
- consists of illustrations that make the meaning clear
- contains no provisos (provided that) &
- has least cross-referencing
Rights Provided To Individuals By Digital Personal Data Protection Bill 2023
The Bill gives the following rights to the people:
- The right to access information about the personal data processed and how it is used.
- The right to correct personal data and delete/erase the provided data.
- The right to grievance redressal
Obligations on the data fiduciary
The Digital Personal Data Protection Bill 2023 provides the following obligations for the data fiduciary:
- To establish security safeguards to prevent the breach of personal data.
- To notify the Data Protection Board and the impacted Data Principal of personal data breaches.
- To delete personal data when it is no longer required for the intended purpose; To erase personal data following consent withdrawal;
- To put in place a grievance procedure and designate a person to respond to Data Principals’ inquiries
- Performing periodic Data security Impact Assessments and engaging a data auditor to ensure a greater level of data security are only two examples of the additional responsibilities that must be met in relation to Data Fiduciaries that have been designated as Significant Data Fiduciaries.
Digital Personal Data Protection Bill 2023 Protecting The Personal Data Of Children
The Digital Personal Data Protection Bill 2023 also safeguards the personal data of children also by:
- Allowing a Data Fiduciary to process the personal data of children with parental consent.
- The Bill forbids processing that harms children’s well-being or involves surveillance, behavioral monitoring, or targeted advertising for them.
Exemptions In The Bill
The exemptions provided in the Digital Personal Data Protection Bill 2023 are as follows:
- For notified agencies, in the interest of security, sovereignty, public order, etc.;
- For research, archiving or statistical purposes;
- For startups or other notified categories of Data Fiduciaries;
- To enforce legal rights and claims;
- To perform judicial or regulatory functions;
- To prevent, detect, investigate, or prosecute offenses;
- To process in India the personal data of non-residents under foreign contract;
- For approved mergers, demergers, etc.; and
- To locate defaulters and their financial assets etc.
Primary Functions Of The Data Protection Board of India
The following are the Board’s primary functions:
- To issue directives for rectifying or mitigating data breaches
- To investigate complaints and data breaches
- To assess monetary penalties
- To refer complaints for alternative dispute resolution
- To accept voluntary undertakings from data fiduciaries
- To recommend the Government to block the website, app, etc. of a data fiduciary who is found to repeatedly violate the Bill’s provisions.
In conclusion, the Digital Personal Data Protection Bill 2023 represents a crucial and timely step towards safeguarding individuals’ digital privacy rights in an increasingly interconnected world. By establishing comprehensive regulations for the collection, processing, and sharing of personal data, the bill aims to empower users with greater control over their information while promoting transparency and accountability among data controllers and processors. As our lives become more intertwined with digital platforms, the enactment of this bill has the potential to reshape the data landscape, fostering trust between users, businesses, and the government. However, the effectiveness of the bill will ultimately depend on its enforcement mechanisms and adaptability to evolving technological advancements. As stakeholders work collaboratively to address these challenges, the Digital Personal Data Protection Bill 2023 could pave the way for a more secure and privacy-respecting digital ecosystem.