HYDERABAD: On Monday, Lok Sabha approved the Digital Personal Data Protection Bill 2023 without any amendments. The bill aims to fix the responsibilities of the organisations handling the data and processing it. It further aims to define the rights of individuals with respect to the safety of their digital personal data.
The provisions of the bill, while recognising and safeguarding the rights of individuals to protect their personal data, also acknowledge the requirement to process such data for lawful purposes.
The provisions of the bill will be applicable to the personal data gathered in India from the respondents online as well as gathered offline but is then converted to digitized format later on. It will also be applicable to data collection and digitization outside India if it is to be used for offering goods or services to individuals in India.
Some of the key provisions of the bills are:
Even if the user's personal data is stored with a third-party processor its protection has to be ensured by the entities dealing with user data.
-Companies have to notify the data protection board (DPB) and the users at the earliest in the event of a data breach.
-Data of physically disabled persons and children must be processed only after receiving the consent of their guardians.
- Companies are required to appoint a data protection officer and share the information about such appointments with the users.
- Authority to restrict the transfer of personal data to any country/territory outside of India remains with the Centre.
- DPB decisions can be appealed against in Telecom Disputes Settlement and Appellate Tribunal
-DPB Can summon, examine people under oath, audit books and documents of the entities working on personal data
-DPB to consider the nature and gravity of the data breach along with the type of data affected by the breach, to decide on the penalty for the erring entity.
-If DPDP Bill provisions are breached more than twice, DPB may recommend to the government to block the concerned intermediary’s access to data.
-Penalties starting with Rs 50 crores can go up to Rs 250 crores for a data breach, failure to protect the data or notify the DPB and the users of the breach.
