Union Cabinet Clears Personal Data Protection Bill: A Step Towards Data Privacy

Union Cabinet Clears Personal Data Protection Bill

Introduction:

In a significant development, the Union cabinet has given its nod to the personal data protection bill, paving the way for its presentation in the upcoming Monsoon session of Parliament. The bill, which was initially published for public consultation in November last year, has undergone some minor changes based on stakeholder feedback.

This new bill replaces the previously formulated data protection bill by the Justice BN Srikrishna Committee, addressing concerns raised about complexity and onerous responsibilities.

Protecting Personal Data:

The latest version of the bill focuses solely on the protection of personal data, unlike its predecessor that also regulated non-personal data.

Notably, it removes the requirement for businesses to store all user data locally, allowing for data to be stored in trusted geographies. This revision provides flexibility while ensuring data security.

User Consent and Control:

User Consent and Control

Under the draft bill, data fiduciaries (entities processing user data) are required to provide detailed notices to users in clear and simple language, informing them of the data to be collected. It also grants users the right to provide, manage, and withdraw consent for sharing their information. For instance, when closing a savings bank account, the associated data must be deleted.

Similarly, if a user decides to delete their social media account, the bill mandates the deletion of their personal data, emphasizing data retention only for the necessary purposes.

Safeguarding Children’s Data:

The bill includes provisions specifically aimed at protecting children’s data. Data fiduciaries are prohibited from engaging in tracking or behavioral monitoring of children or targeted advertising directed at them. Prior verifiable parental consent is required before processing any personal data of a child. Failure to fulfill these obligations can result in penalties of up to Rs 200 crore, ensuring the safety and privacy of children online.

Path to Implementation:

It is important to note that previous versions of the bill faced extensive scrutiny and review. The 2019 edition was referred to a Joint Parliamentary Committee (JPC) after its initial tabling in Parliament. The JPC spent over two years examining the bill before submitting its report in December 2021.

However, the bill was subsequently withdrawn by the government in August 2022, citing compliance-related concerns.

Conclusion:

The approval of the personal data protection bill by the Union cabinet marks a significant step towards safeguarding data privacy in India. By streamlining the regulations and addressing criticisms of its predecessor, the new bill aims to strike a balance between protecting personal data and facilitating innovation.

As it progresses through the legislative process, it is crucial for stakeholders and the public to remain engaged and ensure that the final legislation reflects the interests of both businesses and individuals. The implementation of robust data protection measures will not only enhance privacy rights but also foster a secure digital ecosystem that encourages trust, innovation, and responsible data handling.

Courses

Courses

×