India’s Data Protection Bill

Indian Cabinet gives nod to the Data Protection Bill!

The Data Protection Bill essentially allows laypersons to complain to the Data Protection Board of India, consisting of technical experts constituted by the government, if they have reason to believe that their personal data has been used without their consent — for example, cell phone numbers or Aadhaar details.

Data Principal Rights: The DP bill empowers individuals with rights over their personal data. These rights include the right to access and correct their data, data portability, and the right to erase their data.

Data Fiduciaries and Processors: The bill introduces the concept of ‘data fiduciaries’ and ‘data processors’. Data fiduciaries are entities or individuals who decide ‘why’ and ‘how’ personal data should be processed, while data processors are entities or individuals who process data on behalf of data fiduciaries.

Data Protection Authority: The bill proposes the establishment of a Data Protection Authority (DPA) to supervise and regulate data fiduciaries and processors.

Data Localization: The bill mandates that a copy of all personal data be stored in India. It also states that certain critical personal data must be stored and processed only in India.

Penalties and Compensation: The bill includes provisions for penalties and compensation if there is a violation of the data protection rules. Penalties can go up to 15 crores or 4% of the worldwide turnover of the data fiduciary, whichever is higher.