Categories
-Top News India News Tech Lite

India govt approves draft of Digital Personal Data Protection Bill

Points that emerged in the course of consultations and comments were thoroughly studied and the draft Digital Personal Data Protection Bill 2023 was finalised…reports Asian Lite News

Union Cabinet has approved the draft of Digital Personal Data Protection (DPDP) Bill 2023. According to official sources, the bill is likely to be tabled during the upcoming monsoon session of Parliament. The Centre introduced the Personal Data Protection Bill 2019 in Parliament in December 2019.

The Bill was sent for consideration to the Joint Committee of Parliament. The Joint Committee, after consultations, submitted a report to the Speaker. In view of the feedback by stakeholders and various agencies, the Bill was withdrawn in August 2022.

On November 18, 2022, the government published a new draft Bill, titled the Digital Personal Data Protection Bill 2022, and initiated a public consultation on this draft. A comprehensive and detailed consultation was held on this subject.

21,666 comments were received from the public and a series of consultations were held with 46 sector organisations, associations and industry bodies. Comments were also received from 38 ministries/ departments of the Government of India.

The reintroduced draft Digital Personal Data Protection Bill 2022 proposed six types of penalties on non-companies to companies. To prevent a personal data breach, a penalty of up to Rs 250 core is being proposed in the draft bill which was put out for public comments.

Besides, failure to notify the Board and affected Data Principals in the event of a personal data breach and non-fulfilment of additional obligations in relation to Children may attract a penalty of up to Rs 200 crore.

Non-fulfilment of additional obligations of Significant Data Fiduciary under sections 11 and 16 of the Act may attract Rs 150 crore and Rs 10 crore fines, respectively.

Lastly, non-compliance with provisions of this Act other than those listed in (1) to (5) and any rule made thereunder will attract penalties up to Rs 50 crore.

Points that emerged in the course of consultations and comments were thoroughly studied and the draft Digital Personal Data Protection Bill 2023 was finalised.

The purpose of this Act, the draft said, is to provide for the processing of digital personal data in a manner that recognizes both the right of individuals to protect their personal data and the need to process personal data for lawful purposes.

During the drafting of the Personal Data Protection Bill in 2019, the government said that the entire gamut of principles was widely debated and discussed. These include the rights of individuals, duties of entities processing personal data and regulatory framework, among others.

The first principle of the proposed Bill is that usage of personal data by organisations must be done in a manner that is lawful, fair to the individuals concerned and transparent.

The second principle of purpose limitation is that the personal data is used for the purposes for which it was collected. The third principle of data minimisation is that only those items of personal data required for attaining a specific purpose must be collected.

Among others, personal data should be limited to such duration as is necessary for the stated purpose for which personal data was collected and reasonable safeguards to ensure that there is no unauthorised collection or processing of personal data are some features. (ANI)

ALSO READ-Khalistan irked with Modi’s successful US trip

Categories
India News

Centre withdraws Personal Data Protection Bill

The earlier bill drew intense scrutiny from privacy advocates, industry stakeholders and tech companies…reports Asian Lite News

The government on Wednesday said it will withdraw contentious Personal Data Protection (PDP) Bill 2019 that has seen 81 amendments in the past three years, and will introduce a new, sharper bill that fits fit into the comprehensive legal framework and protect the data of billions of citizens.

IT Minister Ashwini Vaishnaw told members of the Joint Committee of the Parliament (JCP) that the decision has been taken to protect the digital privacy of individuals and ensure their data is handled by the internet companies with utmost responsibility.

“The Personal Data Protection Bill, 2019 was deliberated in great detail by the Joint Committee of Parliament. 81 amendments were proposed and 12 recommendations were made towards a comprehensive legal framework on the digital ecosystem,” Vaishnaw said in a statement.

“Considering the report of the JCP, a comprehensive legal framework is being worked upon. Hence, in the circumstances, it is proposed to withdraw ‘The Personal Data Protection Bill, 2019’ and present a new bill that fits into the comprehensive legal framework,” he added.

The earlier bill drew intense scrutiny from privacy advocates, industry stakeholders and tech companies.

The IT Minister said that the decision to formulate a new Bill is to create a framework for organisational and technical measures in processing of data, to lay down norms for social media platforms, cross-border transfer, accountability of entities processing data, remedies for unauthorised and harmful processing, to ensure the interest and security of the State and to establish a Data Protection Authority of India.

New Delhi-based privacy advocacy group Internet Freedom Foundation had said the bill “provides large exemptions to government departments, prioritises the interests of big corporations, and does not adequately respect your fundamental right to privacy”.

The Bill was first brought in 2019 and was then referred to the Joint Committee.

The JCP report had identified many issues that were relevant but beyond the scope of a modern digital privacy law.

Minister of State for IT and Electronics, Rajeev Chandrasekhar, said that the PDP bill “will soon be replaced by a comprehensive framework of global standard laws, including digital privacy laws for contemporary and future challenges”.

Privacy is a fundamental right of Indian citizens and a “$1 trillion dollar digital economy requires global standard cyber laws,” Chandrasekhar said in a tweet.

According to experts, a strong data protection law is what can tame the social media platforms and internet platforms in the country, the way the General Data Protection Regulation (GDPR) in the EU has achieved.

New Delhi-based cyberlaw expert Virag Gupta said that several cases of data breach and tax evasion by Chinese companies have been detected by the Indian agencies.

“To protect national interest, a strong data protection law is need of the hour. After withdrawal of this PDP bill, the government must come with new bill within stipulated time frame which may balance the privacy rights with interest of Indian industry,” Gupta emphasised.

The government, time and again, has told Internet intermediaries and social media platforms to comply with the law of the land.

ALSO READ-‘The Indian Antarctic Bill’ to be tabled in RS

Categories
-Top News India News

National security main highlight of Personal Data Protection Bill

Once application for verification is submitted with necessary documents, the social media intermediaries must mandatorily verify the account, it added…reports Asian Lite News.

The Joint Committee Report on Personal Data Protection Bill, 2019, was presented in the Parliament on Thursday. The main highlights of the report included social media regulations, national security, and protection of employee data, among other points.

“The Committee, considering the immediate need to regulate social media intermediaries, has expressed a strong view that these designated intermediaries may be working as publishers of the content in many situations, owing to the fact that they have the ability to select the receiver of the content and also exercise control over the access to any such content hosted by them. Therefore, a mechanism must be devised for their regulation,” read the report prepared by the joint committee headed by Lok Sabha member P.P. Chaudhary.

“The Committee has, therefore, recommended that all social media platforms, which do not act as intermediaries, should be treated as publishers and be held accountable for the content they host,” the statement read, adding that a mechanism may be devised under which social media platforms, which do not act as intermediaries, will be held responsible for the content from unverified accounts on their platforms.

Once application for verification is submitted with necessary documents, the social media intermediaries must mandatorily verify the account, it added.

Moreover, the Committee has also recommended that no social media platform should be allowed to operate in India unless the parent company handling the technology sets up an office in India.

Further, the Committee has recommended that a statutory media regulatory authority, on the lines of Press Council of India (PCI), may be set up for the regulation of content on all such media platforms, irrespective of the platform where their content is published, whether online, print or otherwise.

As the Bill will deal with various kinds of data at different levels of security, a single administration and regulatory body will be set up to deal with both personal and non-personal data so as to avoid any kind of confusion, contradiction and mis-management.

“In the Committee’s view, all data has to be dealt with by one Data Protection Authority (DPA),” the report stated.

Also, a mechanism will be followed for processing personal data when a child attains the age of majority, i.e., 18 years.

“Data fiduciaries dealing exclusively with children’s data must register themselves with the Data Protection Authority. With respect to any contract that may exist between a data fiduciary or data processor and a data principal who is a child, the provisions of the majority act may apply when he or she attains the age of 18 years,” the report mentioned.

“Three months before a child attains the age of majority, the data fiduciary should inform the child for providing consent again on the date of attaining the age of majority; and whatever services the person was getting will continue unless and until the person is either opting out of that or giving a fresh consent so that there is no discontinuity in the services being offered,” it added.

The committee also stressed upon the government that it should set up a dedicated lab and testing facility, with branches spread throughout India that will provide certification of integrity and security to all digital devices.

Stating that national security is of paramount importance and India cannot compromise it on the ground of promotion of businesses, the report said that concrete steps must be taken by the Central government to ensure that a mirror copy of the sensitive and critical personal data, which is already in possession of the foreign entities, be mandatorily brought to India in a time-bound manner.

The committee observed that the employer cannot be given complete freedom to process the personal data of an employee without his or her consent for the sake of employment purposes. Therefore, it holds the view that the relation between the employee and employer is very sensitive and should be dealt with utmost care so that no harm is caused to either of them.

“As the employer collects all the data of the employee, there is a trust relation between them which the Committee thinks should be respected. Therefore, there should be equilibrium in processing of data of employee by the employer and its use or misuse by the employer. The employee must also be given the opportunity to ensure that his or her personal data is not being processed for unreasonable purposes,” it added.

To avoid creating uncertainty for the concerned stakeholders, the committee also recommended that an approximate period of 24 months may be provided for implementation of any and all the provisions of the Act so that the data fiduciaries and data processors have enough time to make the necessary changes to their policies, infrastructure, processes etc.

ALSO READ-LS passes Bills extending tenure of CBI, ED Directors