Data protection Bill tabled in Lok Sabha: All you need to know about the new legislation | India News – Times of India
Various opposition members opposed the Bill at the introduction stage, questioning the measure.
Congress leader in Lok Sabha Adhir Ranjan Chowdhury and his party colleagues Manish Tewari and Shashi Tharoor said the issue of Right to Privacy was involved and the government should not rush with the Bill.
Here is all you need to know about the proposed legislation:
According to the Centre, the Bill is an attempt to create a comprehensive data privacy law. It is part of a group of legislations, including the National IT Governance Framework Policy and a new Digital India Act.
According to the draft legislation, the aim of PDPB “is to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process personal data for lawful purposes, and for matters connected therewith or incidental thereto.”
- The PDPB applies to digital personal data processed in India and excludes any personal data that is not digitised and offline personal data.
- It also applies to any entity that processes personal data outside India that relates to any data principal within India.
- There is a provision in the Bill for creating the Data Protection Board of India (DPB), which will be the first regulatory body in India focused on protecting personal data privacy.
- The DPB will oversee compliance and impose penalties on non-compliant organizations.
The proposed law also establishes numerous rights of citizens, known as Data Principals:
- Right to information: This gives data principals the right to information about the processing of their personal data and a summary of their personal data.
- Right to withdraw consent: Data principals have the right to withdraw consent if they decide they don’t want their data to be processed. They also have the right to know if their data has been shared with a third party.
- Right to correction and erasure: Data principals have the right to correct inaccuracies in their personal data and the right to request erasure of their personal data.
- Right of grievance redressal: This gives data principals the right to register a grievance with the data fiduciary. Should the fiduciary not respond or provide an unsatisfactory response, data principals have the right to escalate a grievance to the Data Protection Board.
The Bill enumerates some obligations of Data Principals, including not providing false information and not filing false complaints.
Meanwhile, data-holding companies have numerous responsibilities under the new proposed law:
- They must clearly explain to data principals what personal data the data fiduciary wants to collect and the purpose of collecting the data
- Obtain informed consent to collect an individual’s personal data
- Allow data principals to withdraw consent at any time
- Allow data principals to correct, update, or request erasure of personal data where it is no longer needed
- Take steps to ensure that data processed is accurate and complete
- Implement appropriate security measures to prevent personal data breaches
- Only retain an individual’s data as long as it is needed for the purpose it was collected
- Notify the Data Protection Board and all data principals impacted if a data breach occurs
- Implement a contract before sharing or transferring data to another fiduciary or to a data processor
Additionally, some larger data organisations will also be required to appoint a data protection officer, and an independent auditor to conduct periodic audits to ensure ongoing compliance.