The data protection bill is proposed legislation that seeks to protect the personal data of individuals and establish guidelines for collecting, storing, and processing collected data. The new digital personal data protection bill, 2022, has been presented in the Indian parliament.
Approximately 137 of 194 countries have legislated to secure individual data and protect privacy.
Currently, India does not have a standalone law on data protection. However, personal data usage operates under the Information Technology (IT) Act, 2000.
The earlier bill, the “Personal Data Protection Bill” (PDP), was withdrawn in August 2022, and the new draft titled the “Digital Personal Data Protection Bill 2022” has been introduced by the Center’s Ministry of Electronics and Information Technology (MeitY).
If the bill is passed in parliament, This Act may be called the Digital Personal Data Protection Act, 2022.
A brief history of the preparation of the data protection bill in India
In 2017, the central government formed a committee of specialists on data protection. Justice BN Srikrishna chaired the committee to identify data protection and privacy issues in India.
The committee submitted its findings in July 2018 and based on the committee recommendations, the Personal Data Protection (PDP) Bill, 2019, was introduced in Lok Sabha in December 2019.
The PDP bill was referred to a Joint Parliamentary Committee, which presented its report in December 2021, and in August 2022, the PDP bill was withdrawn from Parliament.
In November 2022, the Ministry of Electronics and Information Technology released the updated draft as the digital personal data protection bill, 2022for public feedback.
The main points of the new draft of the digital personal data protection bill, 2022
- The proposed Bill is designed to protect the rights of data subjects and ensure compliance. It will apply to the processing of digital personal data within India, regardless of where it is collected online or offline. The Bill also outlines a framework for complying with applicable laws outside India for offering goods or services or profiling Indian individuals.
- Any personal data may be processed by companies only for specific purposes to which a person has consented. Consent may be deemed in certain cases.
- The new digital data protection bill, 2022 gives specific rights to individuals, like the right to get information, seek modification if required and erasure, grievance redressal, etc.
- Data fiduciaries must preserve data accuracy and security and delete the data once its purpose has been finished.
- The GoI will set the Data Protection Board of India to judge non-compliance with the provisions of the Bill.
- The GoI may exempt government agencies from the application of provisions of the Bill in the interest of specified grounds such as security of the state, public order, and prevention of offenses.
Businesses should start working on a data protection plan
Businesses should start implementing their own data protection plan. Data protection plans should be a top priority for companies that collect, store, and process personal data, regardless of whether or not there is a legal requirement to do so.
GoI has been pushing for more robust data protection laws focusing more on personal data and privacy. A data protection plan can help businesses protect the personal data of their customers, employees, and other stakeholders and ensure compliance with applicable data protection regulations.
A comprehensive data protection plan should include a data protection policy, access control and encryption, data inventory and classification, employee training and awareness, an incident response plan, and regular data protection audits and assessments.
By having a comprehensive data protection plan in place, businesses can ensure the security of personal data, thereby maintaining trust with customers, employees, and other stakeholders.
The following are the major benefits of digital data protection bill for businesses
- Protection of privacy: The Bill aims to protect the privacy of individuals and provide them with greater control over their data.
- Increased trust: By providing greater protection and control of their personal data, the Bill is expected to increase trust between individuals and organizations. This can lead to stronger relationships between businesses and their customers and stakeholders.
- Improved data security: The Bill introduces strict requirements for data controllers and processors to implement suitable technical and organizational measures to secure data.
- Boost to the digital economy: By ensuring personal data protection, the Bill can help build consumer confidence in digital products and services, encouraging more widespread adoption of digital technologies.
