Historic Decision For Indian Constitution
Since Independence there are several changes had been done in the Indian Constitution related to different issues, and from past seven or eight years people have seen many developments in the IT sector, but the Rajya Sabha took a Historic Decision on 7 august 2023 by passing the Digital Personal Data Protection Bill, 2023, with a voice vote following a walk out by the opposition members over the Manipur issue, the bill received the assent of President Droupadi Murmu, on Friday, 11 august 2023. The Bill aims to manage digital personal data by balancing individuals’ right to safeguard their data with the need to lawfully process such data for relevant purposes.
The Bill text says, “A Bill to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto,“.
:- replaced to
Section 43A of the Information Technology Act, 2000
It is applicable to Digital Personal Data, both online and digitized offline, processing in India and also includes data processing outside the India for offering Indian goods and services.
Many Concerns have been raised as the violation of fundamental right to privacy due to exemptions granted for data processing by the state.
These exemptions could potentially result in data collection, processing, and retention beyond what is deemed necessary. It has also been pointed out that the Bill does not regulate risks of harms arising from processing of personal data.
Features of DPDP Bill, 2023
The Bill protects digital personal data, by which the person is identified who is processing the data, by providing the following:
- The obligations of Data Fiduciaries (that is, persons, companies and government entities who process data) for data processing (that is, collection, storage or any other operation on personal data);
- The rights and duties of Data Principals (that is, the person to whom the data relates);and
- Financial penalties for breach of rights, duties and obligations.
The Bill seeks to introduce the Data Protection Law with minimum disruption while ensuring necessary change in the way Data Fiduciaries process data, enhance the Ease of Living and the Ease of Doing the Business and the most important achieving feature is to Enable India’s Digital Economy and its innovation ecosystem.
Seven Principles of DPDP Bill
- The principle of consented, lawful and transparent use of personal data;
- The principle of purpose limitation (use of personal data only for the purpose specified at the time of obtaining consent of the Data Principal);
- The principle of data minimisation (collection of only as much personal data as is necessary to serve the specified purpose);
- The principle of data accuracy (ensuring data is correct and updated);
- The principle of storage limitation (storing data only till it is needed for the specified purpose);
- The principle of reasonable security safeguards; and
- The principle of accountability (through adjudication of data breaches and breaches of the provisions of the Bill and imposition of penalties for the breaches).
Right of The Individuals
- The Right to access the Personal Data processed and to do correction and erasure of data.
- The Right to grievance redressal.
- The right to nominate a person to exercise rights in case of death or incapacity.
The Bill also safeguards the personal data of the children as it allows a Data Fiduciaries to process the data of children only with parental consent, it does not permit processing which will be problem to the well-being of children or involves their tracking, behavioural monitoring and targeted advertising.
The exemptions provided in the Bill are as follows:
- For notified agencies, in the interest of security, sovereignty, public order, etc.;
- For research, archiving or statistical purposes;
- For startups or other notified categories of Data Fiduciaries;
- To enforce legal rights and claims;
- To perform judicial or regulatory functions;
- To prevent, detect, investigate or prosecute offences;
- To process in India personal data of non-residents under foreign contract;
- For approved merger, demerger etc.; and
- To locate defaulters and their financial assets etc.
The Key Function
Digital Personal Data Protection Bill’s key Function is to give directions for remediating or mitigating data breaches, to inquire into data breaches and complaints and impose financial penalties, to refer complaints for Alternate Dispute Resolution and to accept Voluntary Undertakings from Data Fiduciaries, and to advise the Government to block the website, app etc. of a Data Fiduciary who is found to repeatedly breach the provisions of the Bill.
https://drive.google.com/file/d/1rH1elf3Q3KagsJdFH_brxv8ksqGqeRXJ/view?usp=drivesdk
THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023