India recently passed the Digital Personal Data Protection Bill (DPDPB), which aims to protect the personal data and privacy of individuals. This new legislation has been in the making for several years and has gone through multiple drafts and revisions. With data breaches and misuse of personal data on the rise globally, a robust data protection law is the need of the hour.
The DPDPB provides a legal framework governing the collection, storage, processing, and sharing of personal data of Indian citizens. It applies to both government and private entities. The law aims to empower citizens with rights over their own data while also laying down obligations for entities handling this data.
Key Highlights of DPDPB
- Applicability: The law applies to the processing of personal data collected online or offline if it is subsequently digitized. It also covers data processing outside India if it is related to offering goods or services to Indian residents.
- Consent: Entities must obtain consent from individuals before collecting or processing their personal data. Consent has to be free, specific, informed, and unambiguous. Consent given earlier can continue under the new law if individuals are notified.
- Grounds for processing: Personal data can be processed only for lawful purposes like providing a service requested by the individual, compliance with the law, prompt action for medical emergencies, etc.
- Individual Rights: Individuals get rights like the right to confirmation and access, correction and erasure of their personal data. They can also review or withdraw the consent given earlier.
- Duties of entities: Entities collecting or processing personal data must follow principles like purpose limitation, data minimization, accuracy, storage limitation, accountability, and security safeguards.
- Penalties: Stringent penalties of up to Rs 250 crore can be imposed by the Data Protection Board for violations of its provisions.
- Data Protection Board: The central government will establish a Data Protection Board of India to monitor compliance, investigate violations, and take enforcement action.
- Grievance redressal: Individuals will have the right to file complaints regarding violations of the law to the Data Protection Board.
- Exemptions: Certain reasonable exemptions apply, such as for government agencies acting in the interest of the security of the state, for the prevention of offenses, for employment purposes, etc.
Key Takeaways for the Common Man
So in simple terms, what does the DPDPB mean for you and me, the common citizens of India? Here are some key aspects:
More Transparency & Control Over Personal Data
With consent being made central, you will now be more aware of what personal data about you is being collected, by whom, for what purposes, and whether you wish to provide consent for the same. For instance, apps cannot access your contacts or gallery without explicit consent.
You also have better control through the rights to access your data and to get it corrected or erased. Entities have to be more transparent by providing details such as what data they hold about you, whether it was disclosed further, etc.
Less Data Misuse or Sharing Without Consent
Your personal data like financial information, health records, biometric data, etc. cannot be randomly shared or misused by entities. They can process it only for purposes you consented to. Stricter obligations are also placed on entities handling children’s data.
More Accountability & Security Safeguards
Entities have to be accountable for the personal data they handle and put in place security measures to prevent breaches or leaks. You have to be notified if a breach related to your data occurs. This makes them more responsible with your data.
Recourse in Case of Violation of Law
With rights like grievance redressal and hefty penalties specified in law, you will have recourse in case an entity mishandles or misuses your personal data illegally. You can approach the Data Protection Board set up under the law.
Limitations to Surveillance & Bulk Data Collection
While exemptions apply in cases of national security, etc., the law aims to prevent indiscriminate bulk data collection or surveillance by the government. Safeguards like legality, necessity, and proportionality have to be ensured in such cases.
Safeguards for Children’s Data
Children’s personal data is more sensitive, so additional safeguards like verifiable parental consent are mandated in the law for processing such data. This prevents the exploitation of children online or advertising targeted at kids.
To summarize, the DPDPB is a progressive piece of legislation that empowers you to control your personal data better. It makes entities more responsible in collecting, storing, and using your data.
While it may mean more consent notices and paperwork, it aims to check misuse and build accountability. However, effective implementation is key, including setting up a robust Data Protection Board.
With rising data generation and digitization, a data protection law is the need of the hour to secure privacy in the digital age. The DPDPB lays the groundwork, setting India on the path to strong data protection standards. As a common citizen, you now have more say on how your personal data is handled.