/industry-wired/media/agency_attachments/2024/12/04/2024-12-04t130344212z-iw-new.png)
/industry-wired/media/agency_attachments/2024/12/04/2024-12-04t130332454z-iw-new.jpg)
/industry-wired/media/post_attachments/wp-content/uploads/2023/08/Empowering-Privacy-Unpacking-the-Data-Personal-Protection-Bills-Impact-on-Individuals.jpg)
Know how the data personal protection bill empowers you to control your data privacy
On August 9, the Rajya Sabha approved the Data Personal Protection Bill, 2023. The bill allows for the processing of digital personal data in a way that acknowledges both the necessity to handle such data for authorized reasons and associated issues, as well as the right of the individual to have their data protected.
The Lok Sabha enacted the law on August 7 as part of the ongoing Monsoon session of Parliament, which outlines a regulatory framework for using personal data by both commercial and public organizations.
Several of the Data Personal Protection Bill's 2023 proposals:
The Data Personal Protection Bill 2023 addresses digital personal data, often known as information that allows for the identification of a person. It enumerates the monetary fines associated with breaking the regulations and failing to comply. The bill also specifies the requirements for Data Fiduciaries, individuals, organizations, or other organizations that will gather, store, or otherwise handle personal data.
The measure seeks to restrict the use of personal information to certain purposes alone. It is founded on accountability, storage restraint, and agreed-upon, lawful, and open personal data usage.
How does the Data Personal Protection Bill shield everyday people's privacy?
According to the bill, the Data Principals, or people to whom the data belongs, can go to the Data Fiduciaries to uphold their rights. The bill states that personal data can only be handled for "legitimate uses" with the Data Principals' approval. The Data Fiduciary must provide information "in clear and plain language" regarding the personal data requested and the reason it is being collected.
The proposed legislation calls for establishing an Indian Data Protection Board to oversee adherence to the regulations and apply sanctions in case of a violation. For failure to comply with requirements for child-related data, the law allows for fines of up to Rs 200 crore. Up to Rs 250 crore in fines may be imposed for failing to take security precautions and data breaches.
Data Fiduciaries will be required to preserve the data's accuracy and remove it once the proposed legal framework has served its purpose. If it relates to providing goods and services in India, the proposed principles would also apply to processing digital personal data outside India.
The measure also gives people specific rights to access information, file complaints, request corrections, and erase their records.
Although the bill is founded on the concept of consent, there are some circumstances in which a person must provide their approval before their personal information is processed, such as when the government is providing benefits or handling a medical emergency.
The Data Personal Protection Bill may exempt government organizations from its safety, peace, and crime suppression requirements. Due to this, some have criticized the measure, claiming it will weaken the Right to Information Act requirements.