UPSC Courses

DNA banner


  • 28 November, 2022

  • 6 Min Read

Digital Personal Data Protection Bill 2022

Digital Personal Data Protection Bill 2022

  • The Union Government has released a new version of the Personal Data Protection Bill, now known as the Digital Personal Data Protection Bill, 2022.
  • The bill was introduced three months after the Personal Data Protection Bill of 2019.

What is the Bill's Seven Principles for 2022?

  • Organisations must use personal data in a way that is legal, fair to the individuals involved, and transparent to individuals.
  • Second, personal information must be used only for the purposes for which it was collected.
  • The third principle emphasises data minimization.
  • When it comes to data collection, the fourth principle emphasises data accuracy.
  • The fifth principle states that personal data should not be "stored perpetually by default" and that storage should be limited to a set period of time.
  • According to the sixth principle, there should be reasonable safeguards in place to ensure "no unauthorised collection or processing of personal data."
  • According to the seventh principle, "the person who decides the purpose and means of processing personal data should be accountable for such processing."

What are the Key Elements of the Digital Personal Data Protection Bill?

Principal and Fiduciary Data:

  • The individual whose data is being collected is referred to as the Data Principal.
  • In the case of children under the age of 18, their parents or legal guardians will be considered their "Data Principals."
  • The entity (individual, company, firm, state, etc.) that determines the "purpose and means of processing an individual's personal data" is known as a data fiduciary.
  • Personal data is defined as "any data that can be used to identify an individual."
  • Processing is defined as "the entire cycle of operations that can be performed on personal data."

Important Data Fiduciary:

  • Significant Data Fiduciaries handle a large volume of personal data. The Central Government will decide who falls into this category based on a variety of factors.
  • Such organisations will be required to appoint a "Data protection officer" as well as an independent Data Auditor.

Individual Rights: Information Access:

  • Individuals should be able to "access basic information" in languages specified in the Indian Constitution's eighth schedule, according to the bill.
  • Individuals must provide consent before their data is processed, and "every individual should know what items of personal data a Data Fiduciary wishes to collect and the purpose of such collection and subsequent processing."
  • Individuals may also withdraw consent from a Data Fiduciary.
  • Data principals will have the right to demand that data collected by the data fiduciary be erased and corrected.
  • Right to Nominate: Data principals will also have the option of naming someone to exercise these rights in the event of their death or incapacity.
  • Data Protection Board: The Bill also proposes establishing a Data Protection Board to ensure that the Bill is followed.
  • Consumers can file a complaint with the Data Protection Board if they receive an unsatisfactory response from the Data Fiduciary.
  • Cross-border Data Transfer: The bill allows for the storage and transfer of data across borders to "certain notified countries and territories," as long as they have a suitable data security landscape, and the government can access data belonging to Indians from there.

Financial Sanctions:

  • For Data Fiduciary: The bill proposes severe penalties for businesses that suffer data breaches or fail to notify users when breaches occur.
  • Penalties will range between Rs. 50 crores and Rs. 500 crores.
  • For Data Principal: A user who submits false documents when signing up for an online service or files frivolous grievance complaints may be fined up to Rs 10,000.
  • Exemptions: The government may exempt certain businesses from complying with the bill's provisions based on the number of users and volume of personal data processed by the entity.
  • This was done with startups in mind, who had complained that the Personal Data Protection Bill, 2019, was too "compliance intensive."
  • National security exemptions have been preserved, as in the previous 2019 version.
  • The Centre has been given the authority to exempt its agencies from the Bill's provisions in the interests of India's sovereignty and integrity, state security, friendly relations with foreign states, public order maintenance, or preventing incitement to any cognizable offence.

What is the significance of the Digital Personal Data Protection Bill?

  • In contrast to the previous Bill's contentious requirement of local storage of data within India's geography, the new Bill makes significant concessions on cross-border data flows.
  • It takes a softer stance on data localisation requirements and allows data transfer to specific global destinations, which is likely to encourage country-to-country trade agreements.
  • The bill recognises the data principal's right to postmortem privacy (Withdraw Consent), which was not recognised in the PDP Bill, 2019, but was recommended by the Joint Parliamentary Committee (JPC).

How has India improved its data protection regime?

Union of India vs. Justice K. S. Puttaswamy (Retd) 2017:

  • In Justice K. S. Puttaswamy (Retd) vs Union of India, a nine-judge bench of the Supreme Court unanimously held in August 2017 that Indians have a constitutionally protected fundamental right to privacy that is an intrinsic part of life and liberty under Article 21.

2017 B.N. Srikrishna Committee:

  • In August 2017, the government appointed a committee of experts for data protection, chaired by Justice B N Srikrishna, which submitted its report in July 2018 along with a draft Data Protection Bill.
  • The Report includes numerous recommendations to strengthen Indian privacy law, such as restrictions on data processing and collection, a Data Protection Authority, the right to be forgotten, data localization, and so on.

Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021:

  • IT Rules (2021) require social media platforms to be more cautious about the content on their platforms.

Source: The Hindu


E-pharmacies The Ministry of Health sent "show cause" letters to at least 20 businesses in February 2023 for online drug sales, including Tata-1mg, Flipkart, Apollo, PharmEasy, Amazon, and Reliance Netmeds. What is e-pharmacy? E-pharmacy refers to the purchasing and selling of drugs and other pharmaceutical products through a

Punchhi Commission Report

Punchhi Commission Report The Punchhi Commission's report on relations between the federal government and its constituent states will now be reviewed for state responses, according to the Union Ministry of Home Affairs (MHA). Historical Background: A Commission on Centre-State Relations was established by the Indian government,

Indo-German Relations

Indo-German Relations Olaf Scholz, the Chancellor of Germany, recently paid a bilateral visit to India. It is Scholz's first trip to India after taking office as German Chancellor in December 2021, ending Angela Merkel's illustrious 16-year reign. About the news: The visit of the German chancellor is significant because i

India Denmark Cooperation

India Denmark Cooperation During the "India-Denmark: Partners for Green and Sustainable Development Conference" in New Delhi, the Union Minister for Environment, Forests, and Climate Change said that India and Denmark can work together to show that reaching ambitious climate and sustainable energy targets is possible. Since the Gr

Mob lynching and Cow Vigilantism

Mob lynching and Cow Vigilantism The recent lynching and burning of two men in Haryana on the basis of allegations of unlawful cow slaughter, smuggling, or transportation bring attention to the problem of mob lynching. About cow vigilantism: Mob attacks carried out in the guise of "cow protection" primarily target Mus


Search By Date

Post Feed

Newsletter Subscription
SMS Alerts