The Personal Data Protection Bill brought with the motive that all data which users share must be collected after their explicit consent, received the Union Cabinet’s green signal earlier this week.
The bill is slated to be presented in the current Parliament session which is scheduled to end on December 13. Once the bill is approved by Parliament and becomes law, the companies would be provided up to two years by the government to be fully compliant with the proposals of the bill.
The law will be implemented in a calibrated manner, and the companies would have to act together quickly to bring it into practice effectively.
This implementation would bring additional cost burden for the domestic companies and startups as they will be required to rebuild their systems to meet the proposed regulations completely.
However, the government agencies, state government departments, and large technology organizations will face real hardships to adopt the bill since they deal with so much user data.
Moreover, the data fiduciaries will have to delete all the data stored within the allotted time limit, cited an ET report.
For the uninitiated, the Personal Data Protection Bill 2019 seeks to give ownership of the data in the hands of the people and is based on the consent architecture. It means that the organizations, big and small, will have to seek the individual’s consent before collecting any personal data and will have to notify them of the purpose of its use.
The bill was got into discussions in July last year when the Justice BN Srikrishna-led committee submitted its draft bill to the Ministry of Electronics and Information Technology (MEITY).
The draft got finalized after a year of consultations with various stakeholders and came just after the European Union General Data Protection Regulation (GDPR) came into force in May 2018.
This bill is essential because of the urgent need to regulate data protection and data privacy, be it for online platforms, apps, social networks and web-based services, including those offered by the government.
As per the draft proposal, companies or entities found violating the conditions of data sharing as laid down by the Personal Data Protection Law face penalties of up to Rs 15 crore, or 4% of their global turnover, whichever is more.
The new law could also mandate that data collected from Indian users must be stored within the geographical boundaries of India, even if there is a copy of that data anywhere else in the world.
It would be interesting to track how well does the bill serve its purpose and maintain a proper balance of data privacy and protection.