New Delhi [India]: After introduction of The Digital Personal Data Protection Bill, 2023 in the Lok Sabha on Thursday, Minister of State for Electronics and Information Technology Rajeev Chandrasekhar said that this Bill is a very significant milestone in Prime Minister Narendra Modi’s vision which will protect the rights of all citizens.
Taking to Twitter Chandrasekhar said that “DPDPBill introduced in #Parliament is a very significant milestone in PM @narendramodi ji’s vision of Global Standard Cyber Laws for India’s $1T #DigitalEconomy and #IndiaTechade.
“@GoI_MeitY has developed this bill after extensive consultations which I personally led – with all stakeholders including #DigitalNagriks,” he tweeted.
He further explained that “This new Bill after it is passed by Parliament, will protect the rights of ALL citizens, allow the innovation economy to expand and permit Govt’s lawful n legitimate access in national security and emergencies like pandemics and earthquakes etc.”
Meanwhile, the Sources said that the discussion on the bill will be held on August 7.
“DPDPBill is a global standard, Contemporary, FutureReady yet simple and easy to understand,” he mentioned.
Earlier today, Union Communications, Electronics and Information Technology Minister Ashwini Vaishnaw introduced Digital Personal Data Protection Bill, 2023, in the Lok Sabha.
Opposition members strongly opposed the introduction of the bill and said that the bill violates the fundamental right to privacy. They demanded that the bill should be sent to the standing committee for scrutiny.
They said the government had withdrawn a bill on data protection last year and the new bill needs more scrutiny.
Vaishnaw said that it is not a money bill and all issues raised by the opposition will be answered during the debate.
The bill provides for the processing of digital personal data in a manner “that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes”.
In view of the feedback from stakeholders and various agencies, the Bill was withdrawn in August 2022. On November 18, 2022, the government published a new draft Bill, titled the Digital Personal Data Protection Bill 2022, and initiated a public consultation on this draft.
A comprehensive and detailed consultation was held on this subject. 21,666 comments were received from the public and a series of consultations were held with 46 sector organisations, associations and industry bodies.
Comments were also received from 38 ministries/departments of the Government of India.
The reintroduced draft Digital Personal Data Protection Bill 2022 proposed six types of penalties on non-companies to companies.
To prevent a personal data breach, a penalty of up to Rs 250 crore is being proposed in the draft bill which was put out for public comments. Besides, failure to notify the Board and affected Data Principals in the event of a personal data breach and non-fulfilment of additional obligations in relation to children may attract a penalty of up to Rs 200 crore.
Non-fulfilment of additional obligations of Significant Data Fiduciary under sections 11 and 16 of the Act may attract Rs 150 crore and Rs 10 crore fines, respectively.
Lastly, non-compliance with provisions of this Act other than those listed in (1) to (5) and any rule made thereunder will attract penalties up to Rs 50 crore. Points that emerged in the course of consultations and comments were thoroughly studied and the draft Digital Personal Data Protection Bill 2023 was finalised.
The purpose of this Act, the draft said, is to provide for the processing of digital personal data in a manner that recognizes both the right of individuals to protect their personal data and the need to process personal data for lawful purposes.
During the drafting of the Personal Data Protection Bill in 2019, the government said that the entire gamut of principles was widely debated and discussed. These include the rights of individuals, duties of entities processing personal data and regulatory framework, among others.
The first principle of the proposed Bill is that usage of personal data by organisations must be done in a manner that is lawful, fair to the individuals concerned and transparent. The second principle of purpose limitation is that the personal data is used for the purposes for which it was collected.
The third principle of data minimisation is that only those items of personal data required for attaining a specific purpose must be collected. Among others, personal data should be limited to such duration as is necessary for the stated purpose for which personal data was collected and reasonable safeguards to ensure that there is no unauthorised collection or processing of personal data are some features.