Desk Team LawDocs
PERSONAL DATA PROTECTION BILL, 2019
Data Protection
- The Personal Data Protection Bill, 2019 was introduce in Lok Sabha by the Minister of Electronics and Information Technology, Mr. Ravi Shankar Prasad, on December 11, 2019. The Bill seeks to provide for protection of personal data of individuals. And establishes a Data Protection Authority for the same.
- The Bill broadly provides the following: \
- Applicability- shall apply to government, (ii) companies incorporated in India, and (iii) foreign companies dealing with personal data of individuals in India
- Obligations of data fiduciary: A data fiduciary is an entity or individual who decides the means and purpose of processing personal data. Such processing will be subject to certain purpose, collection and storage limitations. For instance, personal data can be process only for specific, clear and lawful purpose
- Rights of the individual: rights of individual shall include right to notice, right to delete, right to seek correction of data, right to seek confirmation.
Grounds for processing personal data:
- The Bill allows processing of data by fiduciaries only if consent is provided by the individual. However, in certain circumstances, personal data can be processed without consent.
- Cross-Border transfer of data: Sensitive personal data may transfer outside India for processing if explicitly consented to by the individual, and subject to certain additional conditions. However, such sensitive personal data should continue to be stored in India. Certain personal data notified as critical personal data by the government can only be processed in India.
- Exemption: The central government can exempt any of its agencies from the provisions of the Act subject to certain conditions such as threat to the security and sovereignty of the country.
- Offences: Offences under the Bill include: (i) processing or transferring personal data in violation of the Bill, punishable with a fine of Rs 15 crore or 4% of the annual turnover of the fiduciary, whichever is higher, and (ii) failure to conduct a data audit, punishable with a fine of five crore rupees or 2% of the annual turnover of the fiduciary, whichever is higher. Re-identification and processing of de-identified personal data without consent is punishable. With imprisonment of up to three years, or fine, or both.
- Data Protection Authority: The Bill sets up a Data Protection Authority which may take steps to protect interests of individuals.
- The Personal Data Protection Bill, 2019, will be tabled in the budget session of Parliament next year. A Joint Parliamentary Committee examining the bill will submit its report in the winter session of Parliament this year. (JPC), has summoned officials of Google and paytm to probe into the Bill.
Comments
Post a Comment
Share your views