The much-anticipated Digital Personal Data Protection Bill has passed through the Rajya Sabha, marking a significant step towards its enactment. This approval from the Upper House now sets the stage for the bill’s final passage as it heads to the President for her assent.
The Lok Sabha had already given its approval on August 7, effectively completing the parliamentary process. The government is aiming to implement the Digital Personal Data Protection Act 2023 within the next 10 months, a development that has been in progress since 2018.
After the passage of the Bill, Union Minister for Electronics & information technology Ashwini Vaishnaw said: “140 crore citizens who use digital means for accessing so many services will get data protection legislated by the Parliament… With this bill, the digital world will become safer, more trustworthy and it will have a significant impact on common citizens’ lives.”
Understanding the Digital Personal Data Protection Bill
The Digital Personal Data Protection Bill introduces crucial measures aimed at safeguarding personal data. Companies will be required to adhere to specific rules when collecting and processing personal information. Notably, severe penalties of up to Rs 250 crore are outlined for instances of data breaches. The bill encompasses a broad definition of ‘personal data’, which includes any data linked to an identifiable individual.
The legislation defines a personal data breach as the unauthorized processing, accidental disclosure, acquisition, sharing, use, destruction, or loss of access to personal data, compromising its confidentiality, integrity, or availability. The bill classifies the data ecosystem into Data Fiduciaries, responsible for determining the purpose and means of data processing, and Data Principals, individuals to whom the personal data belongs. These entities’ roles, responsibilities, rights, and duties are clearly outlined.
The bill empowers companies to transfer users’ data abroad while granting the government the authority to request information from firms and issue content-blocking directives. These powers are exercised with guidance from a data protection board appointed by the Union government.
Union IT Minister Ashwini Vaishnaw expressed his disappointment with the lack of discussion from opposition leaders regarding the bill’s essential implications. He emphasized that the rights of citizens should be a priority. The minister said that the implementation process is underway and might be completed within 6-10 months, possibly even sooner.
While the bill has been met with support, it has also faced criticism. The Internet Freedom Foundation raised concerns about potential surveillance loopholes, and the Editors Guild of India expressed worries about its impact on press freedom and the Right to Information law.
