New Delhi: The Data Protection Bill, aimed at safeguarding personal data, will be introduced in the upcoming monsoon session of parliament after the Union Cabinet cleared it today.
The proposed law is expected to have a far-reaching impact on privacy and data protection, while fostering growth in the start-up economy.
Union Minister Ashwini Vaishnaw had said recently that the government expected to pass the Digital Personal Data Protection Bill and Telecommunication Bil in the monsoon session, which has generated massive interest among tech and social media companies.
Earlier this year, in a case involving privacy concerns of social media users, the Centre told the Supreme Court that a new data protection bill is ready and would be introduced in the July session.
The bill, initially introduced in December 2019, seeks to address the privacy of personal data, and outlines stringent provisions regarding data protection, data sharing, and data storage.
A committee that examined the bill raised several concerns and suggested 88 amendments. All the concerns have been addressed, said sources. Government sources said over 21,000 suggestions were studied before the cabinet cleared it.
The bill, which originally had 96 clauses, has been simplified, said sources. It focuses on user protection and avoids unnecessary litigation, they added.
The bill has been drafted to stand the test of time and address rapid changes in technology, according to sources.
Key points of the data protection bill
The bill looks at how data should be processed, stored, and protected.
It envisages privacy disclaimers and notifications in all major languages.
It specifies the rights and duties of the data giver.
Consent for the use of personal data is implied in some cases. Consent is not feasible in the case of health emergencies, court orders, or disasters.
On the subject of consent, the ministry referred to European Union legislation, which lists 24 situations when consent is not possible. The bill, said sources, goes by a globally well-established understanding of consent over deemed consent.
It took 12 years for Europe's GDPR (General Data Protection Regulation) to evolve, so India will need at least three years for the systems to evolve, sources said.
There were detailed discussions on penalties. The overall impact of the breach would be important in deciding action, sources said, adding that it would not be a simple arithmetic calculation. The bill provides for a data protection board, an independent body to look into fines. The courts will look at compensation.
The IT ministry, said sources, is hoping that most complaints will be addressed by the internal grievance committee of the company.
One of the key features of the bill is "Voluntary undertaking". That means if someone has committed an offense, and if they accept it, they can pay a penalty. The bill gives people a chance to move on. It won't absolve the offender, but it allows them to come clean, suggesting mitigation efforts. The penalty as of now is up to Rs 250 crore.
The law also provides for alternate dispute resolution, or two parties resolving differences if they want to.
The Telecom bill, Digital India Bill and the Digital Personal Data Protection Bill, along with legislation on digital competition, will provide a comprehensive legal framework, said sources.
Misinformation is not in the scope of the bill. Also, the bill will be technology agnostic, meaning it won't regulate any technology.
While developing the proposed law, the government consulted industry bodies like Nasscom, CII, and consulting and legal firms.