Digital Personal Data Protection Bill 2023.

Post Views: 229

A simple-sounding bill, “Digital Personal Data Protection Bill 2023,” has become much more controversial today. According to Bill, any company won’t be able to collect, store, or process your personal data without your consent.

However, the government has left itself with a few exemptions due to which a lot of people are tense such as why only government should be off the hook. Now, this has become the reason for all controversies.

The opposition says that this will compromise people’s right to privacy. Some organizations say that this will give the government the right to censor content without giving any reason.

At the same time, some news channels are saying that due to the exemptions of the government, the right of the citizens to information can be in danger. But, countless tech CEOs and founders of this country who plan their business strategies based on the data of their customers and who themselves are going to be directly affected by this bill, openly welcome this bill. They have to say that this bill is correct and it will help a lot in keeping people’s personal information safe.

The right of digital consumers will make data protection a fundamental right. It will also bring a sense of trust, fairness, and transparency to the digital economy of our country.

Now we have two perspectives.

One – for and
One – for against.

Both perspectives are important entities that will affect our decision-making. So what is this Digital Personal Data Protection Bill, 2023? What practical effect will this have on your or our lives? How will this topic affect our lives?

This bill is 33 pages, so it will be difficult to explain the entire bill in one line. That’s why we will read it by bifurcating it into 5 to 6 simple principles to understand it better so that even a common man can understand it very well.

Principles

Legality

If you want to open an account through the app of any bank, then that bank will personally verify your Aadhaar card, PAN card, and photo by making a live video call for its Know Your Customers process.

The same will happen after the introduction of this bill, but before this digital verification, that bank will have to inform you in detail through official email or in-app notification that why they are doing this KYC. With this, what information will they store and process, and what is its purpose?

They will have to take your consent on this officially. Only then will they get the right to process your data. We only gave the example of banks, but this law will actually apply to all those private, public, and independent entities who digitally collect, store, or process any personal data from you.

Even sometimes, social media apps also ask you for your personal information, whose email id, phone number, or your contacts and photos in your gallery. But from now on, they also have to take your consent, notifying you why they are taking this information and what they will do with it.

Limitation or Minimization

You need some medicines, and you register on an online telemedicine app. So it usually happens that the app asks for your personal details to provide you with the service.

And just wants your contact information. On this pretext, he also asks for access to the list of your phone contacts. In this situation, most people consider it as genuine and give access.

But now, after the introduction of this bill, this will not happen. Because it is not necessary to give access to the entire contact list for the service of delivering medicines. So now, that app itself will have to limit access to your personal information because such unnecessary access can lead to misuse of your personal information.

And if you look at the history of India, then these security threats were actually quite common in our country. America’s Intelligence Agency CIA had kept an eye on India’s important personalities for about 50 years after Indian Independence. Till now, India was not able to act immediately on these issues, probably to maintain cordial relations with such countries.

Accuracy

Let us assume that you have a car that you want to sell, and for that, you have registered it on a car resale platform with full consent. Now in such a situation, if your car is sold, and you have withdrawn the consent to use your personal information from that platform, earlier it used to happen that such platforms did not delete your personal information from their database, nor did they update it.

The car has been sold. That is, even after the car was sold, you kept getting calls from unnecessary buyers. But from now on, it will not happen. Now it will be important for that platform to comply that they should first of all update the information in their database accurately that your car has been sold, and if you have withdrawn your consent from them, then its extremely essential to them You have to erase all your information from your database.

Reasonable Safeguard

If you have deactivated your savings account with any bank and have withdrawn your consent to maintain your personal information, then that bank will have to delete your personal information immediately.

Because according to the laws in this case, banks are required to maintain the information of their customers for at least 10 years after the account is deactivated. And this is because if a person defrauds Kalko, then those banks can help catch that Kulpreet after the investigation by the concerned authorities.

Accountability

Suppose your telecom service provider has consented to use your personal data related to your calling so that it can send your telephone bill to you by monthly e-mail.

Suppose the same telecom service provider has given the work of emailing bills to its customers to a data processing company that did not take any consent from you directly.

This is legal because both the NTTS have signed an official contract with each other. But tomorrow, if you download the official app of that telecom service provider and you want your bill only through that app, then after the arrival of this new law, both that telecom provider and its associated data processor will be required to send personal data related to email mailing. Processing has to be stopped immediately.

Because your personal email will no longer be needed. If they did not do this, then suppose tomorrow, if any of their employers sold or misused that data to any third entity for their personal gains, then you can complain against that telecom service provider. Because he has contracted with a second party or has hired the wrong person, then he will be completely responsible for it and not yours. You have consented to that telecom company and not to these particular partners or employees.

That is, if you complain here, then it will be considered absolutely valid. And if found guilty, the bill clearly mentions that the telecom service provider may be fined up to Rs 250 crore for violating this specific accountability principle. Pay attention to this “If you complain, then only it will be applicable; otherwise, not.”

Dispute Resolution

Suppose someone misuses your data, then the question arises where will you go and appeal? So there are three levels for this.

Where to apply if someone misuses your data?

Level 1

Every major company that deals with data has been asked to create an independent department within itself, which you can contact and resolve disputes among yourselves.

Level 2

Under this law, a Dispute Resolution Board will also be formed in the name of the Data Protection Board of India, which will have experts related to IT, administration, and law. And if your dispute is not resolved at the company’s level, then you will have to place your complaint directly in front of the Data Protection Board of India.

Level 3

After that, if this Data Protection Board gives a decision to which no party agrees, then they can again take their case to an Appellate Tribunal, which is a kind of civil court. And this tribunal will compulsorily have to resolve that dispute within six months. Whichever company will be found guilty, the bill clearly mentions that they may be fined from 10,000 to 15 crores, depending on the seriousness of the offense.

So by now, you must have got a good overview of the bill. This whole bill seems to be in the interest of the public, but till now, we have heard only one perspective.

Opposition Criticism

Centralization of Data

Exemption
Federal Structure Destroyed
Surveillance
Right to Privacy Affected

Not Passed to Standing Committee

Money Bill

Right to Information Compromised

Centre’s Counter

Puttaswamy Judgement Consulted
Article 12: State = All Government Bodies belonging to center & state government

Passed By:

Joint Parliamentary Committee (Lo Sabha + Rajya Sabha)
48 Expert Organizations
39 Ministries
Public Consultation
Ordinary Bill

Only 4 Exemptions

National Security
Law and Order
Natural Disaster
Research & Statistical Purposes
EU – 16 Exemptions
India Only 4

First, on 7 August, Lok Sabha Passed the Digital Personal Data Protection Bill, 2023. Then on 9 August, Rajya Sabha also passed it. On 11 August, President gave the final judgment and passed it for application.

Even to counter the NDA (National Democratic Alliance) 37 Parties collation, Congress has created I.N.D.I.A. (Indian National Developmental Inclusive Alliance), a 24 Parties strong collation.