Personal Data Protection Bill gets Cabinet approval
- July 6, 2023
- Posted by: OptimizeIAS Team
- Category: DPN Topics
Subject: Polity
Section: Legislation in news
Context: Personal Data Protection Bill gets cabinet nod, major provisions retained
Key Points:
- The Bill has been approved by the Cabinet and is to be tabled in Parliament.
- In the final version, the government has retained the major provisions of the draft Digital Personal Data Protection Bill, 2022, including penalties for data breaches, parental consent for children’s data, and deemed consent.
- The Bill will continue with a principle-based approach, and it will be followed by a rulebook.
- Data Fiduciaries, Principal and Consent:
  - The Bill requires online platforms to take clear and informed consent from the user (principal) before collecting any personal data.
  - The Bill requires platforms to give a description of the personal data sought and the purpose of processing such personal data. The provision is likely to change the way a majority of websites collect cookies.
  - All data fiduciaries must undertake certain transparency and accountability measures, such as security safeguards (encryption) and grievance redressal mechanisms.
  - The Bill requires platforms to obtain verifiable parental consent “in such manner as may be prescribed” before processing any personal data of a child, that is, any user below the age of 18.
  - Users will get a right to erase their personal data held by platforms.
- Monitoring, Compliance, Penalty, Grievance Redressal:
  - The Bill, which seeks to enforce citizens’ fundamental right to privacy, provides for penalties of up to 250 crore for each instance of a data fiduciary failing to take safeguards to prevent personal data breaches.
  - A Data Protection Board of India will be set up by the government. It will be responsible for monitoring compliance, imposing penalties, requiring fiduciaries to take necessary measures in the event of a data breach, and hearing grievances made by affected persons.
  - Affected data principals will be able to seek compensation in civil courts.
  - The government may also retain the concepts of voluntary undertaking and alternative dispute resolution mechanisms to reduce litigation.
- Deemed Consent:
  - The provision of ‘deemed consent’ has become a matter of public debate, both for the idea itself and for the exemptions allowed under it.
  - According to the provision, “In specific circumstances, a data principal might be deemed to have given consent to the processing of his/her personal data if such processing is necessary” and ‘taking consent (for sharing personal data) is not feasible.’
- Surveillance:
  - The Bill does not mention unreasonable surveillance as a harm, a definition which was available in the previous Bill.
  - The requirements of proportionality, reasonableness and fairness have been removed for the Central government to exempt any department or instrumentality from the ambit of the Bill.
  - The Bill has widened the scope of ‘public interest’ exemptions given to the government under Section 18.
  - Unchecked data processing by the State may violate the right to privacy.