Government releases revised Data Protection Bill: Here's eveything to know
The Indian government has released a revised draft of the data protection bill three months after it was withdrawn from the Lok Sabha. The new Digital Personal Data Protection Bill, 2022 is expected to be presented in the next session of parliament. The Ministry of Electronics and Information Technology (MeitY) has put up the bill for public opinion till December 17.
Why does this story matter?
- In India, there are 76 crore active internet users, and that number is only going to increase.
- Data processing is an important requirement to make the country business-friendly. However, it should not violate the right to privacy. This is where a data protection act comes in.
- Considering how much time we spent online, such a law is very important to all of us.
Act recognizes right to privacy and need to process data
The purpose of the act, the bill said, "is to provide for the processing of digital personal data in a manner that recognizes both the right of individuals to protect their personal data and the need to process personal data for lawful purposes, and for matters connected therewith or incidental thereto." If passed, the act will be called Digital Personal Data Protection Act, 2022.
The draft allows cross-border transfer of personal data
In a major win for tech companies, the draft provides for cross-border data transfer to certain countries. In such cases, the government will notify a country or territory to which a company can transfer personal data. The draft didn't name the countries. Minimally regulated cross-border data transfer of personal data has been a long-standing demand of tech companies.
The penalty for non-compliance is up to Rs. 500 core
In the new draft, the government has increased the penalty for violation of provisions. The penalty for not providing safeguards to prevent a data breach is now up to Rs. 250 crore. Another Rs. 200 crore fine if the company fails to inform the authority and users about a data breach. There are more penalties but the total won't exceed Rs. 500 core.
A company cannot store data perpetually
The draft proposes that the data collected by a company should be used only for the purpose it was collected. It also says that a firm should not store data perpetually and must remove it once the purpose for which it was collected is not served, or when it is not necessary for any legal or business reasons.
Bill provides for the establishment of a Data Protection Board
The bill provides for the establishment of a Data Protection Board of India. The board will determine non-compliance with the provisions of the act and may impose a penalty if necessary.
Why was the previous draft withdrawn?
The previous draft was unveiled in 2019. However, it was withdrawn because the Joint Parliamentary Committee recommended 81 amendments to a bill with just 91 sections. On top of that, there were 12 major recommendations. This led the government to decide there was no option but to withdraw the bill. The previous bill was criticized for being favorable to government departments and big corporations.