The Digital Personal Data Protection Bill, 2022

The Digital Personal Data Protection Bill, 2022

News: The draft of The Digital Personal Data Protection Bill, 2022 is expected to tabled in Parliament’s monsoon session.

Background:
• Official details of the bill will be known only once the Bill is introduced in the parliament but it is said that some of the contentious provisions have been retained from the earlier drafts.
• The Supreme court had already held Privacy to be a Fundamental Right in the KS puttuswamy judgement.

What is the significance of Privacy law?
• The Digital Personal Data Protection Bill, 2022, is a crucial pillar of the overarching framework of technology regulations which also includes the Digital India Bill — the proposed successor to the Information Technology Act, 2000, the draft Indian Telecommunication Bill, 2022, and a policy for non-personal data governance.
• The proposed law will apply to processing of digital personal data within India; and to data processing outside the country if it is done for offering goods or services, or for profiling individuals in India.
• It requires entities that collect personal data — called data fiduciaries — to maintain the accuracy of data, keep data secure, and delete data once their purpose has been met.
• The highest penalty — to be levied for failing to prevent a data breach — has been prescribed at Rs 250 crore per instance, it is learnt.

What are concerns around the Draft Bill?
• Wide ranging exemptions for the central government and its agencies have been retained.
• For example, the central government can exempt “any instrumentality of the state” from adhering to the provisions on account of national security, relations with foreign governments, and maintenance of public order among other things.
• The role of central government in appointing members of Data Protection Board.
• There is also concern that the law could dilute the Right to Information (RTI) Act, as personal data of government functionaries is likely to be protected under it, making it difficult to be shared with an RTI applicant.

What changes are likely?
• A key change in the final draft is learnt to have been made in the way it deals with cross-border data flows to international jurisdictions — moving from a ‘whitelisting’ approach to a ‘blacklisting’ mechanism.
• Whitelist – Jurisdictions where data transfer would be allowed.
• A provision on “deemed consent” in the previous draft could also be reworded to make it stricter for private entities, while allowing government departments to assume consent while processing personal data on grounds of national security and public interest.

How does India’s proposal compare with other countries?