- Union IT Minister said that the Parliamentary Standing Committee on IT and Communications had given a big thumbs up to the draft Digital Personal Data Protection Bill, 2022.
- The purpose of this Bill is to provide for the processing of digital personal data in a manner that recognises the right of individuals to protect their personal data, the need to process personal data for lawful purposes.
- There are 760 million active internet users in India the number for which is expected to be 1.2 billion in upcoming years.
- That is why laws and rulemaking for the internet have to be around the basic foundational principles and expectations of our citizens of openness, safety, and trust and accountability.
- Based on seven principles around the data economy.
- The first and second principles call for organisations to be more transparent with users’ personal data.
- The third principle calls for “data minimisation” which is collecting those items of personal data only for what is needed.
- The fourth principle is about the accuracy of personal data.
- The fifth one calls for a “storage limitation” so that personal data is not being stored perpetually by default.
- The last two principles call for reasonable safeguards to prevent data breaches and ensure there is no unauthorised collection or processing of personal data and the person who is in charge of such processing should be held accountable for it.
Powers with the Centre:
- Under the draft, the Centre has been empowered to:
- appoint the data protection board, which would play an adjudicating role in enforcing terms of the Bill;
- release white-list of trusted geographies for cross-border data flows; and
- exempt itself and its agencies from adhering to provisions of the Bill on account of national security.
The Indian government and state agencies have several exemptions from the proposed law in the interest of national security.
- The exemptions of the draft bill talks about how the government can process personal data without the users’ consent in the interests of:
- sovereignty and integrity of India,
- security of the State,
- friendly relations with foreign States,
- maintenance of public order or
- preventing incitement to any cognizable offence relating to any of these.
- Storage of data:
- Government agencies can also under certain circumstances indefinitely store personal data.
- It could result in mass surveillance.
There are some improvements over the earlier version.For instance, the draft Bill makes it mandatory for data fiduciaries to inform users in the event of a data breach.The earlier version of the Bill did not have this provision.
SOURCE: THE HINDU, THE ECONOMIC TIMES, PIB