Be Tech Ready!!
Data PrivacyInternet

“Mera data sirf mera hai!”: No more misuse of personal information by online businesses under Digital Personal Data Protection law


In a matter of six to 10 months, the Digital Personal Data Protection law will come into effect, giving every Indian control over their personal information on the web.

After passing the bill on Wednesday with a voice vote, the government is said to be expecting to implement the law within the next 10 months.

“We have started work on implementation. This kind of legislation will require a 6-10 month kind of frame. We will take every step with proper checks and balances. It is a guesstimate. We might do it faster than that,” Union IT Minister Ashwini Vaishnaw said.

The bill has come six years after the Supreme Court declared Right to Privacy as a fundamental right. It has provisions to control the misuse of individuals’ data by online platforms.

The minister explained that online platforms can only use the data as per the law and only for the purpose for which it has been collected.

He said that the quantum of data should be limited to the requirement.

Under the law, citizens will have the legal right to correct their data, not just that, the online entities will have to erase the data when it is not required anymore.

And, till the data is stored with an entity it has to ensure its security by putting reasonable safeguards in place.

“The provisions of the bill will apply to data of Indian citizens stored overseas as well. Any person in India, even foreign nationals will get protection under the bill,” Vaishnaw said.

Since ‘Right to Privacy’ is a fundamental right, any personal data can be published only through a legally approved process, and in no other form personal information can be shared in any public forum.

The Bill also has a provision for an independent Data Protection Board (DPB), which will ensure equal access to justice to people across the country.

The DPB will be created at the Union level and will check misuse of jurisdiction by rule violators.

As part of its provisions, the bill compels companies to notify the DPB and user in case of a data breach.

Entities are also obligated to designate a Dara Protection Officer and share their contact information with users.

The bill has special provisions for minors and individuals with disabilities who are under guardianship. Processing their data will require explicit consent from their guardians.

The issue of media reporting on the medical data of politicians was also raised in the House.

AIADMK leader M Thambidurai said that it should be protected as personal data.

Responding to this, Vaishnaw said that the DPDP 2023 will not overwrite sectoral rules, and rules for media will be as per existing related laws.

“However, the healthcare department should not leak someone’s personal data without proper consent,” he said.

The bill now requires the assent of President Droupadi Murmu.