Data protection bill for protection of personal data of Indian citizens introduced in Lok Sabha

The Ministry of Electronics and Information Technology has introduced the Digital Personal Data Protection (DPDP) Bill 2023 in the Lok Sabha, aimed at safeguarding the personal data of Indian citizens. The proposed law imposes a penalty of up to Rs 250 crore on entities for breaching personal data. The bill seeks to strike a balance between individuals' right to protect their data and the need to process personal data for legitimate purposes.

The journey towards a Data Protection law in India began in 2017 with the appointment of the Justice Shrikirshna Committee to draft the legislation. A draft bill was presented in Parliament in 2019, which underwent review and suggestions from a Joint Parliamentary Committee. In 2022, the government introduced the Digital Personal Data Protection Bill, seeking inputs from various stakeholders.

Key highlights of the DPDP bill include the requirement for data fiduciaries (entities collecting and processing data) to obtain explicit consent from individuals, informing them of the purpose of data collection and processing. It also recognizes the right to be forgotten and the right to withdraw consent, allowing individuals to have their private information removed from public platforms by withdrawing consent.

The bill empowers users by granting them the right to know which entities possess their digital data and a summary of their data being processed. It also permits cross-border transfer of data, subject to government restrictions through notification. The bill establishes a Data Protection Board to handle complaints of data breaches and an Appellate Data Protection Tribunal to hear appeals against the Board's orders.