New Delhi: The much-awaited Data Protection Bill, aimed at safeguarding personal data in the country, was learnt to have been approved by the Union Cabinet on Wednesday. "The Bill includes almost all the provisions of the last draft that was issued by the Ministry of Electronics and Information Technology for consultation, but few minor changes are also done. However, the government entities have not been granted blanket exemption under the proposed law," a top source familiar with the development said.
"In case of disputes, the Data Protection Board will decide the matter. However, citizens will have the right to claim compensation by approaching civil court. There are a lot of things that will evolve gradually. Besides, individuals will have the right to seek details about their data collection, storage and processing once the law is implemented. These concerns would be discussed among Parliamentarians when it is tabled in the House. It remains to be seen how all the issues surrounding the Bill will be addressed during the parliamentary proceedings," the source added.
The Bill will have jurisdiction over the processing of digital personal data in India. This includes data collected online or offline and later digitised. The Bill will also apply to the processing of data outside of India if it involves offering goods or services or profiling individuals in India. Also, in order to ensure that provisions of the Bill are enacted properly, a data protection board would be set up and it will hear grievances of the people and redress them.
The Bill will entail a fine of up to ₹500 crore if one's personal data is misused. Data fiduciaries are required to ensure the accuracy and security of the data and delete it once its purpose has been fulfilled. The Bill also grants individuals certain rights, including the right to access information, request corrections and deletions, and seek redressal for grievances.
The withdrawal of the previous data protection Bill formulated by the Justice B.N. Srikrishna Committee in 2018 led to the necessity of this Bill. The new Bill has simplified regulations by focusing on personal data and has removed the need to locally store all user data by businesses, instead allowing the leeway of storing such data in 'trusted geographies'.
