Digital Personal Data Protection Bill – India’s own GDPR is taking shape

On Friday, the Indian Government released a pre-final version of the ever awaited Data Protection Bill Regulation, making this copy the fourth version since the bill was first proposed in 2018.

The Digital Personal Data Protection Bill 2022 is here to secure personal data of users. The Bill will importance to user data, their consent and transparency. The pre-final version of the bill’s draft will be available for public consultation until Dec 17, 2022.

With over 760 million active internet users, India needs to moderate the data collected and processed by online platforms to ensure Indian users’ data is not being exploited, abused, and manipulated.

Here’s what the Government has to say about the Data Protection Bill,

“The Bill will establish a comprehensive legal framework governing digital personal data protection in India. The Bill provides for the processing of digital personal data in a manner that recognizes the right of individuals to protect their personal data, societal rights and the need to process personal data for lawful purposes.”

A sneak peak into the Indian Data Protection Bill and its regulations

As per the bill, companies (i.e data processors) need to follow sufficient security protocols to protect user information, intimate user in case of a data breach, and ensure users data isn’t retained after their account is deleted from the platform.

The data has to be stored only for the intended purpose it first came in, any extended period of data retention is considered a breach of the regulation.

Companies also need to take enough measures to prevent data  breaches, if found otherwise, then a penalty of ₹250 crores will be charged on the data processors. If the companies failed to notify end-users about the breach then the fines could be doubled to ₹500 crores, i.e; 62 million.

Users can also demand companies to share the information regarding their personal data and to which third-party the data has been shared. They can also data processors to erase their data, or update their information if it ain’t right.

Additionally, the bill draft also mentions data minimization and unauthorized collection, processing or storage of user’s data.

However, a surprising part is non localization of user data, allowing data processors to store users’ personal data overseas in their best secured data centers. However, only certain countries have been included so far under the regulation.

Finally, there will be a whole new team of Data Protection Officers under the Data Protection Board to manage, regulate and govern the core of compliance efforts.

The exemption of Data Protection Bill 2022

The central government will be an exemption to the provisions of the bill, and can act in the best interest of the country, giving the federal body more control over public information of user data to ensure safety and security of the nation.

Thus, the government will have superior power over private bodies and can regulate, manage and streamline user personal data as in the best interest of the country.

While the government’s privilege to dive into any user data looks good for the country, unfortunately this may not be the case always and users’ privacy can be breached in certain cases, bringing us to a never-ending discussion on end-user privacy and end-to-end encryption.

Here’s what will be common among other data compliance law around the world and how DPB will fit right into ensuring user data protection and privacy.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, and Twitter.

You can reach out to us via Twitter/ Facebook or mail us at admin@thecybersecuritytimes.com for advertising requests.