“India’s Lok Sabha Passes 2023 Data Protection Bill: Safeguarding Digital Personal Data”
In a significant move to protect individuals’ digital personal data, India’s Lok Sabha has given its stamp of approval to the Digital Personal Data Protection Bill of 2023. The bill passed without any amendments, seeks to establish a framework that outlines the responsibilities of organizations handling and processing personal data while ensuring the rights and safety of individuals.
The main goal of the bill is to establish clear guidelines for safeguarding digital personal data and defining the rights of individuals in the digital realm. The provisions of the bill strike a balance between recognizing individual rights and the lawful processing of data.
Crucially, the bill covers a broad spectrum of scenarios. It applies to personal data collected both online and offline, as long as it is later digitized. Even if a user’s personal data is stored by a third-party processor, the entity responsible for user data must ensure its protection.
To enhance transparency and accountability, companies are now mandated to promptly notify both users and the Data Protection Board (DPB) in the event of a data breach. Special consideration is given to the data of physically disabled individuals and children, requiring the consent of their guardians before processing their data.
The bill also compels companies to appoint a data protection officer, ensuring that users are informed about such appointments. Notably, the authority to restrict the transfer of personal data outside India rests with the Centre, providing an added layer of security.
The DPB, empowered by the bill, holds a pivotal role in overseeing data protection. It possesses the authority to summon and examine individuals under oath and conduct audits of the entities handling personal data. The severity of data breaches is taken into account when determining penalties, with factors such as the nature of the breach and the type of data compromised playing a significant role.
Penalties for non-compliance are robust and commensurate with the level of breach. They range from Rs 50 crores to a substantial Rs 250 crores for offenses such as data breaches, failure to protect data, or neglecting to notify both the DPB and users about a breach.
Importantly, if the provisions of the DPDP Bill are breached repeatedly, the DPB may recommend blocking the concerned intermediary’s access to data. This emphasizes the gravity of upholding data protection standards.
Furthermore, the bill ensures a recourse mechanism. Decisions made by the DPB can be appealed at the Telecom Disputes Settlement and Appellate Tribunal, assuring a fair and just process.
India’s Digital Personal Data Protection Bill of 2023 is a watershed moment in ensuring the safety and privacy of individuals’ digital personal data. By compelling organizations to uphold data protection standards, appoint data protection officers, and abide by stringent penalties, the bill paves the way for a more secure and transparent digital landscape. As technology continues to evolve, this legislation sets a strong precedent for data protection in the digital age.