India, the world’s largest data market after China, moved a step closer to passing The Digital Personal Data Protection Bill, 2023.
KEY TAKEAWAYS FROM THE BILL
- PROCESS PERSONAL DATA OF USERS:
- Only for which consent of the user has been received, leave all other personal data out.
- If the govt. or its agencies so require in the interest of sovereignty and integrity of India or security of the state.
- If the govt. or its agencies require it for fulfilling any obligation under any law for the time being in force in India on any person.
- To comply with any judgment , decree or order passed by a court under any law.
- To respond to a medical emergency , for taking measures to provide medical help, health services during pandemic, outbreak of diseases , any other threat to public health.
- Data to be processed in India/outside India only after clear consent accompanied by clear, legible notice in simple language, purpose must be stated.
- Can withdraw consent at any time, following which companies must stop, delete personal data.
- Cost and consequences of withdrawal of consent to be borne by the user.
- Penalties up to ?250 crore for instances of data breach, failure to protect personal data or inform DPB and users of breach.?
- If an entity is penalized in more than two instances, the central govt. after hearing from the entity can decide to block their platform in the country.
????4. WHAT COMPANIES SHOULD DO?
- Companies dealing with user data must protect personal data even if it is stored with a third party data processor.
- In case of data breach, companies must inform the Data protection Board(DPB) and users.
- Children’s data and data of physically disabled persons with guardians must be processed after the consent from the guardian.
- Companies must appoint a Data protection Officer, provide such details to users.
- The bill has introduced the concept of voluntary disclosures by companies in case of a breach along with an alternative dispute resolution mechanism to reduce the burden on the judiciary. “If a company makes a mistake, they have the option of voluntary disclosure , it’s like the plea bargain provision in the US law”
It is the high time when companies should explore legal opinions and overhaul the entire process within the organization and make sure they comply with the upcoming legislation.
