Data Protection Bill, 2019

 

Data Protection Bill, 2019

The Data Protection Bill, 2019, introduced in India, aims to regulate the collection, storage, and processing of personal data of individuals while ensuring their privacy and protection.

The revised 2019 Bill was criticized by Justice B. N. Srikrishna, the drafter of the original Bill, as having the ability to turn India into an “Orwellian State". In an interview with Economic Times, Srikrishna said that, "The government can at any time access private data or government agency data on grounds of sovereignty or public order. This has dangerous implications.”This view is shared by a think tank in their comment.

 

The Personal Data Protection Bill (PDPB) of 2019 was a proposed law in India that sought to protect the privacy of personal data:

Purpose

The bill aimed to establish a legal framework for data protection in India, including standards for cross-border data transfers and remedies for unauthorized data processing.

Status of the Bill

The Data Protection Bill, 2019, after receiving various recommendations and critiques, was eventually withdrawn and replaced by a new draft called the Digital Personal Data Protection Bill, 2023, which focuses more on digital personal data and introduces streamlined compliance mechanisms.

Key features

The bill proposed the creation of a Data Protection Authority (DPA) to oversee data protection, and placed obligations on entities that collect personal data. These obligations included:

Notifying individuals of data collection and obtaining their consent

Storing data securely and accurately

Using data only for the purposes stated in the notice

Deleting data once the purpose is served

Providing consumers with the right to access, erase, and port their data

1.     Applicability:

Ø Applies to data collected within India or from individuals residing in India, even if processed outside the country.

Ø Covers both government and private entities.

 

2.     Personal Data & Sensitive Personal Data:

Ø Personal Data: Any data related to an identifiable individual.

Ø Sensitive Data: Includes financial, health, biometric, caste, religious, and sexual orientation data, among others.

3.     Consent Requirements:

Ø Individuals' consent is mandatory for data collection and processing.

Ø Consent must be informed, specific, and freely given.

4.     Data Protection Authority (DPA):

Ø A regulatory body proposed to enforce the provisions of the Bill and resolve disputes.

5.     Right of Individuals:

Ø Right to Access: Users can access personal data held by entities.

Ø Right to Correction: Users can correct inaccurate data.

Ø Right to Data Portability: Transfer data from one service provider to anothe

6.     Data Localization:

Ø Certain categories of data must be stored on servers located in India, although some data can be transferred abroad under conditions.

7.     Penalties for Non-compliance:

Ø Heavy fines up to ₹15 crore (~USD 2 million) or 4% of the entity's global turnover for violations.