Lok Sabha is set to discuss the Digital Personal Data Protection (DPDP) Bill 2023 on Monday, 7 August for consideration and passing. On 3 August, Union Communications, Electronics and Information Technology Minister Ashwini Vaishnaw had introduced the bill in the lower house of the parliament.
Opposition bloc INDIA members strongly opposed the introduction of the bill and said that the bill violates the fundamental right to privacy.
The Opposition bloc in Lok Sabha had also sought that the bill be sent to the standing committee for scrutiny. They said the government had withdrawn a bill on data protection last year and the new bill needs more scrutiny.
Vaishnaw said that it is not a money bill and all issues raised by the opposition will be answered during the debate.
The Bill provides for the processing of digital personal data in a manner “that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes”.
In view of the feedback from stakeholders and various agencies, the Bill was withdrawn in August 2022. On November 18, 2022, the government published a new draft Bill, titled the Digital Personal Data Protection Bill 2022, and initiated a public consultation on this draft.
A comprehensive and detailed consultation was held on this subject. 21,666 comments were received from the public and a series of consultations were held with 46 sector organisations, associations and industry bodies.
Comments were also received from 38 ministries/departments of the Government of India. The reintroduced draft Digital Personal Data Protection Bill 2022 proposed six types of penalties on non-companies to companies.
To prevent a personal data breach, a penalty of up to ₹250 crore is being proposed in the draft bill which was put out for public comments. Besides, failure to notify the Board and affected Data Principals in the event of a personal data breach and non-fulfilment of additional obligations in relation to children may attract a penalty of up to ₹200 crore.
Non-fulfilment of additional obligations of Significant Data Fiduciary under sections 11 and 16 of the Act may attract ₹150 crore and ₹10 crore fines, respectively.
Lastly, non-compliance with provisions of this Act other than those listed in (1) to (5) and any rule made thereunder will attract penalties up to ₹50 crore. Points that emerged in the course of consultations and comments were thoroughly studied and the draft Digital Personal Data Protection Bill 2023 was finalised.
The purpose of this Act, the draft said, is to provide for the processing of digital personal data in a manner that recognizes both the right of individuals to protect their personal data and the need to process personal data for lawful purposes.
During the drafting of the Personal Data Protection Bill in 2019, the government said that the entire gamut of principles was widely debated and discussed. These include the rights of individuals, duties of entities processing personal data and regulatory framework, among others.
The first principle of the proposed Bill is that usage of personal data by organisations must be done in a manner that is lawful, fair to the individuals concerned and transparent. The second principle of purpose limitation is that the personal data is used for the purposes for which it was collected.
The third principle of data minimisation is that only those items of personal data required for attaining a specific purpose must be collected. Among others, personal data should be limited to such duration as is necessary for the stated purpose for which personal data was collected and reasonable safeguards to ensure that there is no unauthorised collection or processing of personal data are some features.
(With inputs from ANI)
Catch all the Business News, Politics news,Breaking NewsEvents andLatest News Updates on Live Mint. Download TheMint News App to get Daily Market Updates.