INSUBCONTINENT EXCLUSIVE:
NEW DELHI: The Rajya Sabha on Wednesday passed the Digital Personal Data Protection Bill, 2023, with a voice vote following a walkout by the
opposition members over the Manipur issue
The Lok Sabha had passed the bill on August 7.The Bill, which comes after six years of the Supreme Court declaring "Right to Privacy" as a
fundamental right, has provisions to curb the misuse of individuals' data by online platforms.After passage of the Bill, Union minister for
electronics - information technology Ashwini Vaishnaw said: "140 crore citizens who use digital means for accessing so many services will
get data protection legislated by the Parliament ..
With this bill, the digital world will become safer, more trustworthy and it will have a significant impact on common citizens'
lives."Minister of State for electronics and IT Rajeev Chandrasekhar said: "The Digital Personal Data Protection Bill is passed by
My engagement on the issue of privacy started in 2010 and led to me filing a case in the Supreme Court as a petitioner that fought and
succeeded in order that Privacy is a fundamental right," he posted on X (formerly Twitter).Here is all you need to know about the new
legislation:According to the Centre, the Bill is an attempt to create a comprehensive data privacy law
It is part of a group of legislations, including the National IT Governance Framework Policy and a new Digital India Act.According to the
individuals to protect their personal data and the need to process personal data for lawful purposes, and for matters connected therewith or
offline personal data.It also applies to any entity that processes personal data outside India but relates to any data principal within
India.There is a provision in the Bill for creating the Data Protection Board of India (DPB), which will be the first regulatory body in
India focused on protecting personal data privacy.The DPB will oversee compliance and impose penalties on non-compliant organizations.The
new law also establishes numerous rights of citizens, known as Data Principals:Right to information: This gives data principals the right to
information about the processing of their personal data and a summary of their personal dataRight to withdraw consent: Data principals have
They also have the right to know if their data has been shared with a third party.Right to correction and erasure: Data principals have the
right to correct inaccuracies in their personal data and the right to request erasure of their personal data.Right of grievance redressal:
This gives data principals the right to register a grievance with the data fiduciary
Should the fiduciary not respond or provide an unsatisfactory response, data principals have the right to escalate a grievance to the Data
Protection Board.The Bill enumerates some obligations of Data Principals, including not providing false information, filing false
complaints.Meanwhile, data-holding companies have numerous responsibilities under the new lawThey must clearly explain to data principals
what personal data the data fiduciary wants to collect and the purpose of collecting the dataObtain informed consent to collect an
of personal data where it is no longer neededTake steps to ensure that data processed is accurate and completeImplement appropriate security
the Data Protection Board and all data principals impacted if a data breach occursImplement a contract before sharing or transferring data
to another fiduciary or to a data processorAdditionally, some larger data organisations will also be required to appoint a data protection
officer, and an independent auditor to conduct periodic audits to ensure ongoing compliance.
