
Data Protection Bill

The Digital Data Protection Bill aims to establish a legal framework for data protection in India. It defines key entities like Data Principals (individuals), Data Fiduciaries (entities collecting data), and a Data Protection Board. It requires consent for data collection and processing, and gives individuals rights to access, correct, and delete personal data. The Bill also outlines security obligations for Data Fiduciaries and penalties for non-compliance.

Uploaded by

ROOPINI NAIK

Explainwallah

Digital Data Protection Bill

● Your Data is everywhere, a lot of people might access it!
● Companies will call you
● Who are the major players? - Data Principal + Data Fiduciary + Data
Protection Board
● Data Principals: Me, you and all citizens + Digital Nagriks
● Data Fiduciary: Business houses, campaigns, startups who will use this
data!
● Data Protection Board: Critical player + Government-appointed body
which checks whether the data is secure.

Why should it be prevented?

● Currently, India does not have a standalone law on data protection.
● Use of personal data is regulated under the Information Technology (IT)
Act, 2000.
● In 2017, the central government constituted a Committee of Experts on
Data Protection, chaired by Justice B. N. Srikrishna, to examine issues
relating to data protection in the country.
● Data breaches are becoming regular occurrences. It was reported in June
2023 that a major privacy breach with respect to the CoWIN portal had
taken place and personal details of vaccinated users had been leaked on
Telegram.
● Recently, in July 2023, about 12,000 confidential records of State Bank of
India employees were reportedly made public on Telegram.

What is Applicability?

● The Bill applies to the processing of digital personal data within India
where such data is: (i) collected online, or (ii) collected offline and is
digitised.
● It will also apply to the processing of personal data outside India if it is for
offering goods or services in India.

Q. What is Consent?

ANS:
● Personal data may be processed only for a lawful purpose after obtaining
the consent of the individual.
● A notice must be given before seeking consent.
● The notice should contain details about the personal data to be collected
and the purpose of processing.
● Consent may be withdrawn at any point in time.
● Consent will not be required for ‘legitimate uses’ including: (i) specified
purpose for which data has been provided by an individual voluntarily, (ii)
provision of benefit or service by the government, (iii) medical
emergency, and (iv) employment.
● For individuals below 18 years of age, consent will be provided by the
parent or the legal guardian.

The rights and Duties of Data Principal & Data Fiduciary

Data principal

● An individual whose data is being processed (data principal), will have the
right to: (i) obtain information about processing, (ii) seek correction and
erasure of personal data, (iii) nominate another person to exercise rights
in the event of death or incapacity, and (iv) grievance redressal.

Data fiduciaries

● The entity determining the purpose and means of processing (data
fiduciary) must:
● make reasonable efforts to ensure the accuracy and completeness of
data
● build reasonable security safeguards to prevent a data breach
● inform the Data Protection Board of India and affected persons in the
event of a breach
● erase personal data as soon as the purpose has been met and retention
is not necessary for legal purposes (storage limitation).

Exemptions

● prevention and investigation of offences
● enforcement of legal rights or claims.

Data Protection Board of India & Penalties

● The central government will establish the Data Protection Board of India.
● Appeals against the decisions of the Board will lie with TDSAT (Telecom
Disputes Settlement and Appellate Tribunal).
● The schedule to the Bill specifies penalties for various offences such as
up to: (i) Rs 200 crore for non-fulfilment of obligations for children, and
(ii) Rs 250 crore for failure to take security measures to prevent data
breaches.
● Penalties will be imposed by the Board after conducting an inquiry.

The Bill is based on the following seven principles:

1. The principle of consented, lawful and transparent use of personal data;
2. The principle of purpose limitation (use of personal data only for the
purpose specified at the time of obtaining consent of the Data Principal);
3. The principle of data minimisation (collection of only as much personal
data as is necessary to serve the specified purpose);
4. The principle of data accuracy (ensuring data is correct and updated);
5. The principle of storage limitation (storing data only till it is needed for
the specified purpose);
6. The principle of reasonable security safeguards; and
7. The principle of accountability (through adjudication of data breaches
and breaches of the provisions of the Bill and imposition of penalties for
the breaches).
