Digital Personal Data Protection Bill, 2022: Understanding the Key Provisions
The Digital Personal Data Protection Bill, 2022 is a proposed law that aims to regulate the collection, storage, processing, and transfer of personal data in India. The bill is currently under review by the Indian parliament and is expected to be enacted soon. In this article, we will discuss the key provisions of the bill and their implications for individuals and businesses in India.
What is the Digital Personal Data Protection Bill, 2022?
The Digital Personal Data Protection Bill, 2022 is a comprehensive law that seeks to protect the privacy and personal data of individuals in India. The bill outlines the rights of individuals with respect to their personal data and imposes obligations on businesses and organizations that collect, store, process, and transfer personal data.
Key Provisions of the Digital Personal Data Protection Bill, 2022
- Personal Data: The bill defines personal data as any data that relates to an individual who can be identified from that data, either directly or indirectly. This includes information such as name, address, phone number, email address, and even online identifiers such as IP addresses.
- Data Fiduciary: The bill introduces the concept of a “data fiduciary,” which is an entity that determines the purpose and means of processing personal data. Data fiduciaries are required to obtain explicit and informed consent from individuals before collecting their personal data.
- Data Protection Authority: The bill establishes a Data Protection Authority (DPA) that will be responsible for enforcing the provisions of the bill. The DPA will have the power to investigate and impose penalties for non-compliance with the provisions of the bill.
- Cross-border Data Transfer: The bill requires data fiduciaries to store a copy of personal data within India. Cross-border transfer of personal data is allowed only in certain circumstances, such as for the performance of a contract or with the explicit consent of the individual.
- Data Localization: The bill requires sensitive personal data to be stored only within India. Sensitive personal data includes information related to passwords, financial data, health data, and biometric data.
- Right to be Forgotten: The bill introduces the right to be forgotten, which allows individuals to request the erasure of their personal data under certain circumstances.
- Penalties: The bill imposes significant penalties for non-compliance with its provisions. These penalties include fines of up to 4% of the company’s global turnover or INR 15 crores, whichever is higher.
Implications for Individuals and Businesses
The Digital Personal Data Protection Bill, 2022 has significant implications for both individuals and businesses in India. For individuals, the bill provides greater control over their personal data and enhances their privacy rights. Individuals will have the right to access, correct, and erase their personal data held by data fiduciaries.
For businesses, the bill imposes significant obligations to ensure the protection of personal data. Data fiduciaries will need to implement robust data protection measures, obtain explicit consent for data collection, and ensure compliance with the bill’s provisions. Non-compliance with the provisions of the bill could result in significant penalties.
The Digital Personal Data Protection Bill, 2022 is a significant development in the area of data protection in India. The bill aims to provide greater privacy rights for individuals and impose significant obligations on businesses to ensure the protection of personal data. As the bill moves towards enactment, it is essential for individuals and businesses to understand its key provisions and implications. By taking appropriate measures to comply with the bill’s provisions, businesses can protect personal data and maintain the trust of their customers.