New Delhi [India], August 9 (ANI): After Parliament passed Digital Personal Data Protection Bill 2023, Union Telecom and IT Minister Ashwini Vaishnaw on Wednesday called it a “landmark bill” in Prime Minister Narendra Modi’s vision of Digital India.
“It is a historic day today. The Parliament of India passed a very important legislation. Today the Digital Personal Data Protection Bill was passed in the Rajya Sabha. It is a landmark bill in PM Modi’s vision of Digital India,” Minister Vaishnaw said.
He further said that with this bill, the digital world will become safer and more trustworthy. “140 crore citizens who use digital means for accessing so many services will get data protection legislated by the Parliament…With this bill, the digital world will become safer, more trustworthy and it will have a significant impact on common citizens’ lives”, he added.
The Rajya Sabha on Wednesday passed the Digital Personal Data Protection Bill, 2023 which seeks to set out requirements for firms collecting data online, with exceptions for the government and law enforcement agencies. It also lays down the obligations of entities handling and processing data as well as the rights of individuals.
The Bill, which was passed by voice vote in the absence of Opposition leaders who earlier walked out of the House, apply to the processing of digital personal data within India where such data is collected online, or collected offline and is digitised. It will also apply to such processing outside India, if it is for offering goods or services in India.
The Bill amends the Right to Information Act, 2005 to remove public interest exemptions on disclosing personal information. The RTI Act currently allows public authorities to disclose personal information, such as officials’ salaries, when it is in the public interest. The Bill would remove these caveats and completely disallow disclosing personal information.
The Bill, which was passed by the Lok Sabha on August 7, proposes a maximum penalty of Rs 250 crore and minimum of Rs 50 crore on entities violating the norms.
Personal data may be processed only for a lawful purpose upon consent of an individual. Consent may not be required for specified legitimate uses such as voluntary sharing of data by the individual or processing by the State for permits, licenses, benefits, and services.
Data fiduciaries will be obligated to maintain the accuracy of data, keep data secure, and delete data once its purpose has been met. The Bill grants certain rights to individuals including the right to obtain information, seek correction and erasure, and grievance redressal.
The central government may exempt government agencies from the application of provisions of the Bill in the interest of specified grounds such as security of the state, public order, and prevention of offences. The central government will establish the Data Protection Board of India to adjudicate on non-compliance with the provisions of the Bill.
The Bill does not regulate risks of harms arising from processing of personal data, and does not grant the right to data portability and the right to be forgotten to the data principal. The Bill allows transfer of personal data outside India, except to countries notified by the central government. This mechanism may not ensure adequate evaluation of data protection standards in the countries where transfer of personal data is allowed.
The members of the Data Protection Board of India will be appointed for two years and will be eligible for re-appointment. The short term with scope for re-appointment may affect the independent functioning of the Board. (ANI)