New Bill on Digital Personal Data Protection 2023

Blog

New Bill on Digital Personal Data Protection 2023

We all are living in the era of digitalisation, where data is floating everywhere. And there is a need to create rules to ensure that data of the user will remain secured. Already a lot of discussion has been done on how apps, websites, social platforms and companies collect the personal data of users.

 

So, to resolve the issue, the Supreme court passed the ‘rule to privacy’ to save the fundamental human right through the act. The Digital Personal Data Protection Bill 2023 was introduced in Lok Sabha by the Ministry of Electronics & Information Technology on August 3rd, 2023 and August 7th, 2023.

 

Data Protection Law is India's first law which is devoted to protecting the privacy of users digitally. The first draft of the law was published in 2019 and was provided for feedback. Lots of changes were made and in fact the bill was passed in Lok Sabha a few days ago, it was a fourth attempt of them to get it right. Finally, it was published on August 7th, 2023, in the 33 page document, the rules of data protection are mentioned clearly. Below a complete guide about Digital Protection Bill 2023 is given, and how it bring a change in the country. 

Types of Data Under the Data Protection Bill

The bill is called the ‘Digital’ Personal Data Protection Bill (DPDP) because it deal with the general data protection rules which are made for online platforms. Mainly the bill deal with two types of data:

  1. Data collected digitally as you browse websites or any social media platform. For instance when you visit a website, it asks you to allow cookies, choice cookies as per your preferences or completely deny it. If you allow the cookies, it will keep the data of your activity or information you put in the website. So, the data protection law works on personal data of users shared on any platform digitally.
  2. Data collected offline and then added into a computer. If any company conduct a survey or put the information of the customer or their feedback without their consent than it is also a personal data breach.

Rules of Data Protection Bill

The following are the rules which are simple to understand and need to be followed by the companies or other platform for collecting the personal data of the users:

  1. When someone wants your data, they need to clarify how they use it. They cannot use the data the way they like. For example, if an app is asking for access to a camera and phone then they have to provide a reason and clearly explain why they need the data and how they will use it.
  2. If a user wants to erase their data at any point, then the process must be easy.
  3. In case the entity doesn’t follow the rules, they have to incur penalties.

A Data Protection Authority is created a Data Protection Board created as an independent regulatory agency who will handle the disputes related to privacy protection and resolve them quickly. 

Will Data Protection Bill Clash with RTI?

The RTI came in 2005 with an aim that if anyone wants information related to the government can access it. They just have to send a written request to the authorities and they will process it. 

 

There were some exemptions to it like not disclosing the information which has no connection with the public activity or interest. This rule will not apply if the Central Public Information officer or the State Public Information Officer or the appellate authority ask for the information. If a larger public interest is satisfied to get the disclosure of such information, then the authority will pass the request.

How Authority Can Deny From Providing Personal Information?

Let’s take an example, if you want to know the details of a government officials related to their real estate. Here’s a point can be state to get the information is government officials are in the public domain and tracking their investments will help in checking the corruption. If the income of the officer and assets will not match then he/she will definitely get into corruption. As per the RTI act, the proper steps will be taken on the issue. 

 

But Personal Information Protection Act is clashing with the RTI as it works on privacy protection. Under the privacy data act some keywords are removed which are present in the RTI act. It has been said that, if required any information, it can be simply said that it is a ‘personal information’ and can’t be shared.

 

As per the example given above, it can be said that information of assets is categorized as personal information in privacy data laws. Many government officials said that they also have a ‘right to privacy’ even if they are working in a public forum. It is stated by many people that now the government can easily be prevented from providing the information as per the data protection laws in India.

How Does Government Block Content Online?

The government has the power to block content. Under Section 69A, the Information Technology Act, the government can order any social media platform, company, app to delete content. But first the content has to satisfy any one criteria from the six criterias. These criteria include national security and public order.

 

In the Personal Data Protection Act, Clause 37 is added for blocking content. In this clause it has been stated, if Data Fiduciary, flouts the rules twice for storing and processing personal data. The government will enter when the entity make personal data breach for second time, and give a chance to Data Fiduciary to explain. If the government is not satisfied with the reason, then the business of fiduciaries will stop to breach privacy data laws.

 

So, this data privacy clause is perfect because the Fiduciary is handling the personal data of the people. If they make any mistake then the government will walk in and block the content.

Objectives of Digital Personal Data Protection

The following are the objectives of digital personal data protection bill 2023 are as follows:

Conclusion

To conclude, the data protection act protects the privacy of Indian citizens and if any entity does personal data breach the data of individual then a penalty Rs. 250 crore will be imposed to the entity. The company have to follow the personal data protection rule and especially if data is stored on the third party data processor. In case, the third party misuse a data, then company must inform a Data Protection Board (DPB) and users. 

 

Also read:  FAQs on the Digital Personal Data Protection Act, 2023

Related post

Subscribe to our newsletter