Union Electronics & Information Technology Minister Ashwini Vaishnaw on Thursday tabled The Digital Personal Data Protection (DPDP) bill, 2023 in the lower house of parliament.
Vaishnaw also clarified that the bill has been introduced as a general bill. He was responding to claims by opposition leader Manish Tewari that it was being tabled as a ‘money bill’. A few leaders, including Asaduddin Owaisi, Gaurav Gogoi, and Tewari, from different opposition parties also opposed the bill.
As is the norm, the bill must be passed by both houses of the parliament, and assented to by the President, to become an act.
The move, however, means a big step towards India having a personal digital data protection system, akin to Europe’s general data protection regulations.
The objective of the bill is to regularize the processing of digital personal data in a manner that protects citizens’ privacy. It also aims to empower citizens to better control the information they share online.
For instance, data fiduciaries, which in this case are firms collecting personal data from individuals, must provide notice of why they are doing so.
A “Consent Manager” should be made available to review provided consent, and this entity should register with a Data Protection Board that will be set up by the government. Fiduciaries should obtain “verifiable parental consent” for collecting data from minors.
A data fiduciary should no longer retain information about a user (a “data principal”) once the purpose of keeping that data is no longer served.
The bill also calls for giving users the right to review and correct the data they have provided, as well as to remove such data. They should be able to nominate someone else in case of death or incapacitation. They should have the right to have their grievances processed by the data fiduciary.
