Know everything about Digital Personal Data Protection Bill 2023

Lok Sabha passed the Digital Personal Data Protection Bill, 2023 earlier. Here’s everything you need to know about the Bill. The Bill will apply to the processing of digital personal data within India, whether obtained online or offline and then digitized. It will also apply to such processing performed outside of India if it is […]

by Reena Choudhary - August 7, 2023, 5:50 pm

Lok Sabha passed the Digital Personal Data Protection Bill, 2023 earlier. Here’s everything you need to know about the Bill.

The Bill will apply to the processing of digital personal data within India, whether obtained online or offline and then digitized. It will also apply to such processing performed outside of India if it is for the purpose of providing goods or services in India.

Personal data may be processed only for authorized purposes with an individual’s consent. Consent may not be necessary for certain lawful purposes, such as the individual’s voluntary sharing of data or processing by the State for permits, licenses, rewards, and services.

Data fiduciaries will be required to keep data accurate, secure, and erase it once its purpose has been fulfilled. Individuals are granted specific rights under the Bill, including the ability to acquire information, seek rectification and erasure, and have their grievances heard.

The central government may exclude government agencies from the Bill’s provisions in the interest of stated reasons such as state security, public order, and crime prevention.

The national government will establish the Data Protection Board of India to rule on noncompliance with the Bill’s requirements. Exemptions from data processing by the state for reasons such as national security may result in data collection, processing, and retention that exceeds what is required. This could be a violation of the fundamental right to privacy.

The Bill does not address the risks of harm associated with the processing of personal data. The Bill does not offer the data principal the right to data portability or the right to be forgotten.

Except for nations recognized by the central government, the Bill provides for the transfer of personal data outside of India. This mechanism may not enable proper review of data protection standards in countries where personal data transmission is permitted.

Members of India’s Data Protection Board will be appointed for a two-year term and will be eligible for reappointment. The short term with the possibility of reappointment may have an impact on the Board’s independence.