Daily News Analysis » The Digital Personal Data Protection Bill, 2023

The Digital Personal Data Protection Bill, 2023

The Parliament has passed India's second attempt at privacy legislation, the Data Protection Bill.

Need of the Bill:

  • The Bill is needed because it offers guidelines and best practices for government agencies and businesses to follow when using personal data, including controlling how that data is used.
  • The Bill defines the duty of the Data Fiduciary to utilize the data that has been obtained legitimately as well as the rights and responsibilities of the citizen (Digital Nagrik).

Key features of the bill:

  • The Bill applies to the processing of personal data within India, both online and offline, and outside India for goods or services.
  • It requires consent from individuals, with consent withdrawn at any time. 
  • The Bill allows data transfer outside India, except in countries restricted by the central government. 
  • Exemptions apply in certain cases, such as the prevention and investigation of offenses or enforcement of legal rights.
  •  The Data Protection Board of India monitors compliance, imposes penalties, and directs data fiduciaries. 
    • It will consist of the Chairperson and the members.
    • The Chairperson and the Members would be appointed by the Central government for the period of two years. 
    • They can also be reappointed.
    • Decisions of the Board can be appealed to the Telecom Dispute Settlement and Appellate Tribunal.

 

Significance:

  • The Digital Personal Data Protection Bill 2023 will be able to keep a user’s personal data safe and provide them greater freedom in how to port their personal data.
  • If large firms and consumers do to comply with the bill’s standards, they will be fined heavily.
  • As part of the “Right to Privacy,” the measure attempts to make institutions such as internet companies, mobile apps, and business houses more accountable and answerable for the acquisition, storage, and processing of citizens’ data.

Key Concerns:

  • Exemptions and Privacy Violations: Exemptions for the State may lead to excessive data collection, violating the right to privacy.
  • Surveillance and Lack of Data Deletion: Government agencies can use exemptions for national security, potentially enabling extensive surveillance. The bill lacks provisions for deleting personal data after its purpose is fulfilled, raising concerns about data retention.
  • Unregulated Harm from Data Processing: The bill doesn’t address potential harms resulting from personal data processing, such as financial losses, identity theft, and discrimination.
  • Missing Rights -Data Portability and Right to Be Forgotten: The bill doesn’t provide for crucial rights like data portability and the right to be forgotten, which are essential for individual data control.
  • Cross-Border Data Transfer Risks: The bill allows data transfer to countries without robust data protection laws, potentially making data more vulnerable to breaches or unauthorized sharing.
  • Data Protection Board Independence: Short-term appointments and re-appointments of board members may compromise the independence of the Data Protection Board.
  • Child Data Privacy Concerns: Defining a child as under 18 and requiring parental consent may hinder access to digital services for many young users, raising questions about age verification and anonymity.

 

Way Forward:

  • Education and Awareness: Promote awareness and educate citizens, businesses, and government agencies about the Bill’s guidelines and the importance of data protection.
  • Strict Enforcement: Ensure strict enforcement of the Bill’s provisions, including penalties for non-compliance, to incentivize both large firms and consumers to adhere to data protection standards.
  • Continuous Review: Regularly review and amend the Bill to address emerging challenges and concerns, such as potential violations of privacy and the need for additional rights like data portability and the right to be forgotten.
  • Independent Oversight: Maintain the independence of the Data Protection Board of India by considering longer terms and avoiding re-appointment to ensure unbiased monitoring of compliance and safeguarding of data privacy rights.

 

Why in the news? 

  • The Parliament has passed India’s second attempt at privacy legislation, the Data Protection Bill.