Digital Personal Data Protection Bill 2022

Current News:- 

The Indian Government has announced the Digital Personal Data Protection Act 2022, now known as the Digital Personal Data Protection Act 2022.

The Bill comes 3 months after the repeal of the Personal Data Protection Act 2019. 

What Are The Seven Principles of Law 2022?

First, an organization that uses personal information must be legal, fair to the person concerned, and transparent to the person.

Second, personal data should only be used in accordance with the purpose for which it was collected.

Third, principle involves data reduction.

The fourth, principle refers to the accuracy of information at the time of writing.

The fifth, principle states that the collection of personal data cannot be "permanently fixed by default" and that storage must be limited in time.

The sixth, principle states that there should be reasonable safeguards to ensure that "personal information is not collected or processed without permission".

The seventh, principle states that "those who determine the purposes and means of processing personal data should be responsible".

What Are The Main Features of The Digital Personal Data Protection Law?

Data Owner and Data Controller

Data Owner means the person whose data is collected.

For children (under 18), their parent/legal guardian will be considered the "data controller".

The data controller is an entity that determines the "purpose and means of processing personal data" (person, company, company, country, etc.).

Personal information is "any information that enables an individual to be identified".

Business refers to "the entire cycle of work that can be done on personal data".

Material Data Controller

A material data controller is a person who processes a large number of personal data. The central government will decide who will be elected in this group based on various factors.

These organizations are required to appoint a "data controller" and an independent data controller.

Individual's Right

Right to Information

This Act provides individuals to have "easy access to information" as stated in Article 8 of the Indian Constitution.

Consent

Individuals must give their consent before the data is processed and "everyone should know the personal data that the data controller wants to keep, the purpose of collection and processing".

Individuals also have the right to revoke authorization for fiduciary documents.

Right of Deletion

Data owners have the right to demand the deletion and correction of the data collected by the data controller.

Right to Choose

The subject also has the right to choose someone to exercise these rights in the event of his death or incapacity.

Personal Data Protection Commission

The Law also establishes a Data Protection Commission for the implementation of the Law.

Customers can file a complaint with the Data Protection Commission if Data Trust's response is not satisfactory.

Transnational Data Transfer

This Law allows data to be transferred to "specific countries and regions"; where such countries and regions have appropriate data security and the government has access to Indian data from there.

Financial Penalties

Information Security

The bill imposes heavy penalties on businesses that experience data misuse or fail to notify users when a breach occurs.

Fine Rs. Rs 50 crore for Rs 50 crore.

Information For Information

If the user gives false information or makes a complaint while registering for the online service, the user will be fined up to 500 TL. 10.000

Exemption

For the purpose of national relations, security of India, stability and security of India. may exempt its organization from the provisions of the Law in order to protect public order or to prevent the commission of any identifiable crime.

Why Is The Privacy Policy Important?

The new bill is critical of cross-border data, unlike the previous bill's requirement to store local data in India.

It has the required regional information reduction and allows the transfer of information to international locations, which can facilitate agreement between countries.

This bill recognizes the right to privacy after the event (withdrawal of consent), which was missing in the PDP Bill 2019 but was approved by the Joint Parliamentary Committee (JPC).

How can India strengthen its data protection regime?

Judge K. S. Puttaswamy (retired) - Union of India 2017

In August 2017, a nine-judge panel of the Supreme Court heard Judge K. S. Puttaswamy (retired).

Puttaswamy (Veterans) - The Union of India recognized that Indians have constitutional rights under Article 21 to privacy which is part of life and freedom.

Which Other Countries Have Data Protection Rights?

EU model

General Data Protection Regulation

is a data protection law aimed at the processing of personal data.

In the European Union, the right to privacy is seen as an important right to protect people's dignity and their right to access the information they create.

US Model

The US has no privacy guidelines or policies (like the EU's GDPR) for data use, collection and disclosure.

In contrast, business management is particularly limited. The approach to data protection differs between public and private.

State's duties and powers regarding personal information are clearly defined and addressed by general laws such as the Privacy Act, the Electronic Communications Privacy Act, and others.

There are some special rules for private businesses.