One of the essential obligations proposed for data fiduciaries is to obtain free, informed, and unconditional consent from individuals before processing their data. To ensure clarity, consent requests must be presented in straightforward language, and the process of withdrawing consent should be as simple as giving it.

The Digital Personal Data Protection Bill of 2023 is scheduled for tabling in Parliament on Thursday (August 3), promising a robust framework to safeguard personal data in the digital landscape. This upcoming bill introduces noteworthy changes and provisions aimed at protecting individuals' data rights, regulating data fiduciaries (entities collecting personal data), and establishing enforcement mechanisms through a dedicated Data Protection Board.

One of the essential obligations proposed for data fiduciaries is to obtain free, informed, and unconditional consent from individuals before processing their data. To ensure clarity, consent requests must be presented in straightforward language, and the process of withdrawing consent should be as simple as giving it.

Allahabad HC allows ASI to conduct survey of Gyanvapi mosque; check details

Furthermore, data fiduciaries will be required to inform individuals about the data being collected and the specific purposes behind such collection. Individuals will retain the right to withdraw their consent at any time, enabling them to control their data privacy.

However, there are certain instances where data can be processed without consent. These include cases where providing benefits and services necessitates data processing or when complying with legal obligations.

With these proposed changes, the Digital Personal Data Protection Bill aims to strike a balance between protecting individuals' privacy and enabling responsible data usage in various sectors. If enacted, this bill could significantly impact how personal data is collected, processed, and managed in the digital era.

Data Protection Obligations:

Data fiduciaries are bound to implement reasonable security measures to protect against data breaches and are required to promptly inform individuals if a breach occurs.

Once the purpose of data collection is fulfilled or if an individual withdraws consent, data must be deleted promptly.

Haryana violence: Internet ban extended till August 5, CM Khattar seeks more forces

For significant data fiduciaries, it is mandatory to appoint a Data Protection Officer and an independent data auditor to ensure compliance with data protection regulations.

Processing data of children requires obtaining consent from their parents or legal guardians.

The government may set an age limit beyond which parental consent is not necessary for processing children's data.

Data principals (individuals) have specific rights, including the right to access the personal data collected about them and information on its sharing.

Individuals have the right to request the deletion, correction, or updating of their personal data as needed.

To address any grievances, data fiduciaries are required to establish a robust redressal mechanism.

Individuals must provide authentic personal information and refrain from withholding material details or impersonating others when engaging with data fiduciaries.

These provisions aim to create a balanced data protection ecosystem that respects individuals' rights while ensuring responsible and transparent data handling by data fiduciaries.

WATCH: Mumbai student's graduation ceremony dance takes an unexpected turn; leaves internet divided

Exemptions:

To safeguard security and sovereignty, the government may restrict the transfer of personal data to certain countries.

In the interest of national security and public order, government entities can be exempted from specific provisions.

Certain classes of fiduciaries, such as startups, may also be exempted from complying with certain provisions.

Data Protection Board of India:

A Data Protection Board will be constituted, consisting of a chairperson and government-nominated members.

Kerala: Man held with MDMA dies in police custody in Tanur; 8 cops including SI suspended

Empowered with regulatory authority, the board can direct remedial actions, conduct inquiries, and impose penalties for data breaches and non-compliance.

Data fiduciaries may face penalties of up to Rs 250 crore for violations.

Decisions made by the board can be appealed within 60 days in the Telecom Disputes Settlement and Appellate Tribunal (TDSAT).