INDIA’S LOK SABHA PASSES DIGITAL PERSONAL DATA PROTECTION BILL 2023, SAFEGUARD PRIVACY RIGHTS.
INTRODUCTION
On August 1, 2023, the Lok Sabha, the lower house of India’s Parliament passed the Digital Personal Data Protection Bill, 2023 which seeks to protect the rights to privacy of individuals. This particular bill is a major step towards framing concrete legal provisions that would protect personal data in the digital age as apprehensions of privacy and security breaches are rising in India.
?
BACKGROUND
The root of the Digital Personal Data Protection Bill can be understood from the judgment passed by the Supreme Court of India in August 2017 which held the Right to privacy as a fundamental Right under the Indian Constitution. This judgment raised high demands for the need to pass legislation on the protection of data that was to act as a legal framework for handling of personal data.
In this regard, the Indian government set up a committee comprising Justice B. N. Srikrishna to recommend a structure to protect data. Thus, the adopted recommendations of the committee led to the presentment of the Personal Data Protection Bill, 2019. But, after several rounds of revision based on the public consultations the bill was reintroduced as the Digital Personal Data Protection Bill, 2023. This new bill takes into account the feedback of many stakeholders and adapts to new phenomena in the protection of data.
KEY ASPECTS
1. Scope and Applicability: The bill is in connection with personal data being processed within India and it also captures data that is processed outside India but which is made available to persons in India for goods or services. It offers general coverage to safeguard the Indian citizens’ data globally.
?
2. Consent-Based Framework: The bill is grounded on some principal provisions and among them, one of them is that consent of the individuals is to be sought before data processing. Data controllers are the organizations that are setting the goals and means of the data processing activities and according to the GDPR, they need to ensure that consent given by the data subject is freely given, specific, informed, and unambiguous. The kind of consent that must be given is voluntary, for the stated or proposed purpose, with full information as to the purpose and, specifically, revocable at any given time.
?
3. Rights of Data Principals: The following rights are given to the principals or the data by the bill, namely:
-The fourth freedom that it tampers with is the one that wants to use their data.
-Which comprises the right to rectification and the right to be forgotten which enshrine the right to require the controller to erase personal data that is no longer relevant or true.
-The right to data portability and the right to object have meanwhile brought the data subjects’ rights to a new paradigm.
-The right to object to processing – the right is to require that the data about the person should be deleted in situations where such a person does not wish to agree that data concerning him or her should be processed.
-These rights afford the persons with some form of control as to what is being done with their data.
?
4. Obligations of Data Fiduciaries: Personal data must be protected and this suggests that data fiduciaries must ensure that proper measures are put in place to safeguard the information because loss of integrity can be fatal. They also have to perform data protection impact assessments and data protection audits not less frequently than once in twelve months to assess possible risks regarding the processing of personal data.
?
5. Data Protection Board of India: This bill has also provided for an independent regulatory authority, the Data Protection Board of India, which shall be charged with the responsibility to ensure compliance with the data protection laws. It empowers the DPBI to investigate violations, impose penalties, and issue guidelines concerning data processing activities.
?
6. Transfers Across Borders: This law allows for the transfer of information across borders to those countries or entities that afford an adequate level of data protection. The government maintains the power to designate countries or territories in which it forbids or requires more precautions for data transfers.
The approval of the Digital Personal Data Protection Bill, 2023, is somewhat of a blemish on India's legal landscape, distinctly providing an effective framework of data privacy in accordance with world standards. This law gives people more control over their data and puts stringent obligations on businesses. Effective enforcement will be ensured through the institution of the Data Protection Board of India. While this bill is a huge step ahead, its successful execution is bound to depend on the ability of the legislature to iron out areas of potential legal conflicts and balance privacy rights at par with innovation and economic growth. It is a much-needed step towards the creation of a safe, trusted Digital India.
?
“PRIME LEGAL is a full-service law firm that has won a National Award and has more than 20 years of experience in an array of sectors and practice areas. Prime legal falls into the category of best law firm, best lawyer, best family lawyer, best divorce lawyer, best divorce law firm, best criminal lawyer, best criminal law firm, best consumer lawyer, best civil lawyer.”
WRITTEN BY: PAYAL DEVNANI.