Ashwini Vaishnaw, the Minister of Union Communications, Electronics, and Information Technology in India, says on Thursday, Aug. 3 that the government is reviving the data privacy bill.
The Digital Personal Data Protection Bill 2023 will shed light on safeguarding individuals' data. However, it won't be easy to pass it in the Lok Sabha after several pushbacks from tech giants in 2022.
India Resubmits Updated Data Privacy Bill
With the data privacy bill coming close to being passed, it won't be an easy journey for the politicians since the opposition members in India have a concern about it.
According to a report by Business Today, some of the members believe that the bill should be scrutinized first just like what they did in the similar data protection bill last year.
The bill will have the power to waive data fiduciaries and these include compliance coming from startups. Moreover, this will also be responsible for handling the data of the young people so as to assure the safety of their identities.
In line with this, India has the authority to choose the countries where data transfer will be prohibited. The update in the bill also suggests that it will only be applicable to "notified countries and territories."
Ensuring the Existence of Legitimate Interest
In another report by TechCrunch, the data privacy bill gives individuals an opportunity to bring their concerns to the board in case they don't receive an answer from the data fiduciary in seven days.
The report adds that it's also required to provide authentic personal data. Impersonating other information is not accepted as per the ruling.
For individuals who will not comply with the duties that are bound in the bill, they are set to pay a pay of $121 or 10,000 Indian rupees. The fine is heavier when a data fiduciary violates the law. It could potentially reach up to $30 million or 250 crores of Indian rupees.
Furthermore, the collection of user data should always come with consent from the respective recipient. If a company wants to obtain information, it should be relayed in simple language.
The bill also notes that there's an exemption from the requirement of obtaining explicit consent from a user. This includes "certain legitimate" purposes which is in line with the updated provision of the 2022 bill's draft.
Rising public-policy think-tank The Dialogue has an insight to share about the data privacy bill.
Per Kamlesh Shekhar, the research institute's program manager, it's still important to ensure that legitimate interest exists, thus establishing "grounds of necessity," despite moving away from the consent.
Rajeev Chandrasekhar, another IT minister of India, considers this change a "very significant milestone in the evolution of the global standard cyber law framework." This makes the companies more compliant in data collection and steers away from asking for "extraneous" data that is not connected to any product or service offered to the consumer.