Digital Personal Data Protection Bill Approved, To be Tabled in Monsoon Session

Digital Personal Data Protection Bill has been approved by the cabinet. Baijayant Jay Panda, National Vice President BJP, termed the move as a major milestone in safeguarding the digital landscape in India. “It is personally gratifying for me, having campaigned for privacy & data protection for years. I had moved private members bills in parliament in 2009 (Prevention of Unsolicited Telephonic Calls & Protection of Privacy) & in 2017 the Data (Privacy and Protection) Bill, then the first of its kind in India. With its robust provisions to preserve privacy, strengthen data security & foster trust, this latest iteration of the bill will serve as a catalyst for our nation's digital transformation as well as help shape global rules.”

The Bill sets out the rights and duties of the citizen (Digital Nagrik) and the obligations of the Data Fiduciary to use the collected data lawfully. As part of the compliance framework, the bill envisages the setting up of a Data Protection Board of India to determine non-compliance with the provisions of the Bill, impose penalty for such non-compliance, and perform such other functions as the Central Government may assign to it under the provisions of the Bill or any law.

Namita Viswanath, Partner, INDUSLAW, said: “It appears like the much awaited Digital Personal Data Protection Bill will soon see the light of the day. India was in long need of a standalone data protection framework, that is consistent with international adequacy standards and facilitates ease of doing business globally. The new framework will empower data principals to enforce their fundamental right to privacy, manage their personal data more efficiently, and make businesses more accountable to their users. Since the bill has been through multiple revisions, it remains to be seen whether and to what extent some of the concerns raised on the provisions of the previous drafts have been addressed.”

The bill, according to the Government of India, ensures that a corporate or any person collecting, receiving, possessing, storing, dealing or handling information on behalf of the body corporate is required to observe for protecting personal data of users. These practices and procedures include the requirements that such body corporate or person publish on the website a policy for privacy and disclosure of personal information, data or information, to use information collected for the purpose for which it has been collected, to keep it secure and to obtain prior permission of the information provider for disclosing personal data, adds the Indian Government.