The Digital Personal Data Protection Bill, 2023 has been approved by the Lok Sabha. While respecting the rights of Indian citizens, this legislation outlines the obligations of organizations handling and processing digital data. For individuals found to have violated the provisions of the bill, severe penalties are now in place, ranging from a minimum of Rs 50 crore to a maximum of Rs 250 crore.
Establishing a thorough framework for the protection of personal data is the main goal of the Digital Personal Data Protection Bill, 2023. This framework extends its authority to cover any personal information gathered in India, including later-digitized offline and internet information. Additionally, the rules of the bill will be applicable if data processing takes place outside of India but involves providing products or services to people within of India.
On August 3, the bill was introduced in the Lok Sabha by Union Minister of Communications, Electronics, and Information Technology Ashwini Vaishnaw. Vaishnaw maintained the bill's status as a "normal bill" and pushed it for discussion in response to calls from the opposition to refer the bill to the standing committee for more investigation.
The Digital Personal Data Protection Bill, 2023's main features include:
Data Security: Even if personal data is held with third-party data processors, entities dealing with user data are expected to ensure its protection.
Data Breach Notification: Companies are required to notify the Data Protection Board (DPB) and impacted consumers right away in the event of a data breach.
Children and physically disabled people are given special considerations, therefore processing their data must only be done with their guardians' permission.
Appointment of Data Protection Officer (DPO): Companies are obligated to designate a Data Protection Officer and provide the users with contact information.
Government Authority over Data Transfer: The bill gives the central government the authority to control the transfer of personal data to nations or territories outside of India.
Appeals Mechanism: The Telecom Disputes Settlement and Appellate Tribunal will decide appeals against DPB decisions.
DPB's Authority: The DPB has the power to subpoena and question witnesses under oath, review the records of businesses that handle personal data, and suggest banning access to intermediaries that consistently violate the terms of the bill.
Penalties: With fines of up to Rs 250 crore possible for data breaches, failure to preserve personal data, or failing to notify the DPB and users of a breach, the DPB will determine penalties based on the type and severity of the breach.