India’s own digital privacy law is set to become a reality soon as the upper house of the parliament on Wednesday cleared the Digital Personal Data Protection (DPDP) bill. Following the ascent from the President, the bill will become the law.
The bill had been cleared by the Lok Sabha earlier this week.
The objective of the bill is to regularize the processing of digital personal data in a manner that protects citizens’ privacy. It also aims to empower citizens to better control the information they share online.
For instance, data fiduciaries, which in this case are firms collecting personal data from individuals, must provide notice of why they are doing so.
A “Consent Manager” should be made available to review provided consent, and this entity should register with a Data Protection Board that will be set up by the government. Fiduciaries should obtain “verifiable parental consent” for collecting data from minors.
A data fiduciary should no longer retain information about a user (a “data principal”) once the purpose of keeping that data is no longer served.
The bill also calls for giving users the right to review and correct the data they have provided, as well as to remove such data. They should be able to nominate someone else in case of death or incapacitation. They should have the right to have their grievances processed by the data fiduciary.
The bill, however, has also faced criticism from different corners. For instance, Editors Guild of India (EGI) expressed concerns over possible surveillance of users.