Digital Personal Data Protection Bill 2022
In 2017, the Supreme Court of India ruled that privacy is a fundamental right for every Indian Citizen.
The Indian government has now proposed a new data privacy bill — Digital Personal Data Protection Bill 2022.
This is the fourth iteration of the proposed bill and is now open for public review and feedback till 17 December 2022.
The DPDP bill becomes quite significant in ensuring the privacy of Indian Citizens online.
Here are some key points from the DPDP draft bill:
- The law will cover personal data collected online and digitized offline data.
- Companies will be required to stop retaining user data if it no longer serves the business purpose for which it was collected.
- No organization will be allowed to process personal data “likely to cause harm” to children, and advertising cannot target children. Parent consent is required before processing any personal data of a child. (This is my favorite part of the bill 🙂)
- Companies can transfer user data outside Indian borders, but only to “trusted geographies” that the Indian Government approves sending data to.
- The law also applies to the processing of personal data abroad, if it involves profiling Indian users or selling services to them.
- A “Data Protection Board” will be established to ensure compliance with the proposed law. The Data Protection Board can levy financial penalties for non-compliance. The board would also hear user complaints and take certain actions accordingly.
- Companies of “significant” size should appoint an independent data auditor to evaluate compliance with provisions of the law.
- Organizations failing to take reasonable security measures to prevent data breaches could be penalized with fines of up to USD 30 million approx.
- State agencies may be exempted from processing data from the proposed law in the interest of national security.
- Users shall have the right to correction and erasure of their personal data.
Share your thoughts on this digital personal data protection bill 2022.