MeitY releases draft of the revised data protection bill for public comment
The bill has been titled Digital Personal Data Protection Bill, 2022.
The Ministry of Electronics and Information Technology (MeitY) has released a draft of the revised data protection bill. The bill has been titled Digital Personal Data Protection Bill, 2022 and is open for public comment till December 17.
The proposed bill comes in place of the Data Protection Bill, which was withdrawn by the government in August this year. The draft proposes to set up a Data Protection Board of India, which will carry on functions as per the provisions of the bill.
According to the ministry, the purpose of this Act is to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process personal data for lawful purposes, and for matters connected therewith or incidental thereto.
The focus of the draft bill will be solely on personal data, the parliamentary Committee’s bill had sought to regulate personal and non-personal data.
The data fiduciary is required to give itemised notice to users on data sought to be collected, in clear and plain language.
A "Data Fiduciary” is anyone who alone or in conjunction with other persons determines the purpose and means of processing of personal data.
Users shall also be allowed the right to give, manage, and withdraw consent from sharing information.
The new draft also states that the central government may, after an assessment, notify countries or territories outside India to which a data fiduciary may transfer personal data, in accordance with such terms and conditions as may be specified.
The Centre by notification may grant exemption from the application of provisions of this Act in case of national security, maintenance of public order or preventing incitement to any cognisable offence relating to any of these.
The exemption can also be granted in case the data is necessary for research, archiving or statistical purposes if the personal data is not to be used to take any decision specific to a data principal and such processing is carried on in accordance with standards.
Also Read: Data protection bill will penalise platforms for customer data misuse: Rajeev Chandrasekhar
A “Data Principal” is anyone to whom the personal data relates and where such individual is a child includes the parents or lawful guardian of the child.
Government entities will also be allowed to store personal data for an indefinite period of time.
The government can also exempt some entities from:
The Board can impose financial penalties on non-compliance by a firm of up to Rs 500 crore, after giving the person a reasonable opportunity of being heard.
A penalty of up to Rs 250 crore has been proposed in case the Data Fiduciary or Data Processor fails to protect against personal data breaches in its possession or under its control.
The draft has also proposed a penalty of Rs 200 crore in case the Data Fiduciary or Data Processor fails to inform the Board and data owner about the data breach.
The draft personal data protection bill, issued in 2019, had proposed a penalty of Rs 15 crore or four percent of the global turnover of an entity.
Also Read: Google Cloud and Data Security Council of India announce new programme to demystify cloud security
First Published: Nov 18, 2022 2:26 PM IST
Check out our in-depth Market Coverage, Business News & get real-time Stock Market Updates on CNBC-TV18. Also, Watch our channels CNBC-TV18, CNBC Awaaz and CNBC Bajar Live on-the-go!
Lok Sabha Election Phase 2: Experts decode the key trends and issues in key battleground states
Apr 26, 2024 11:53 PM
2024 Lok Sabha Election | Which way the wind blows in the second phase
Apr 26, 2024 6:09 PM