In the Lok Sabha, the Digital Personal Data Protection Bill, 2023 was passed by voice vote amidst constant sloganeering from the opposition benches. With exceptions for the government and law enforcement institutions, the Bill outlines obligations for businesses that collect data online.
The bill, which is currently headed its way to the Upper House, also modifies the Right to Information Act, 2005, by removing the public interest exceptions for disclosing personal information.
In his statements, Ashwini Vaishnaw, the minister of electronics and information technology, dismissed concerns about extensive government exemptions, surveillance, and the amendment of the RTI Act.
“If there is a natural disaster or earthquake, should we worry about … consent notices, or focus on people’s safety,” Mr. Vaishnaw asked. “If the police is pursuing an offender somewhere, will they concern themselves with forms, or will there be action?”
On Thursday, the Digital Personal Data Protection Bill, 2023 was presented in the Lok Sabha, almost six years after the Supreme Court pronounced privacy as a basic right protected by the Constitution. The legislation has gone through at least three different iterations, with the most recent one being withdrawn from Parliament a year ago.
Although the bill was introduced as a financial bill, Ashwini Vaishnaw, the minister of electronics and information technology, informed the Lok Sabha that it was not a financial bill.
The Bill mandates that businesses better protect digital information gathered from people (referred to as "data fiduciaries" in the former case and "data principals" in the latter), by disclosing to them what information is being collected and why, appointing and giving the contact information for a Data Protection Officer, and providing users the right to delete or modify their personal information. Similar obligations are enforced by other data protection laws around the world, such as the General Data Protection Regulation of the European Union, on which these regulations are based.
Companies that fail to protect customer data or violate disclosure standards might face fines ranging from 50 crore to 250 crore, according to the proposed bill. According to government sources, these fines can be compounded, meaning that the same data fiduciary may receive different fines for each infringement.
The Bill creates the foundation for the Data Protection Board of India (DPBI) to be established. And appointments of members will be made by the Union Government through notification.
What is the new Data Protection Bill?
© Copyright 2023. All Rights Reserved Powered by Vygr Media.
