DATA PROTECTION LAW (Syllabus: GS Paper 2 – Governance)

Context: Implementing the data protection law will increase the compliance burden on the telcos, which in turn will lead to a significant rise in compliance costs.

The telcos will also face increased risks of breach of law with dual roles as data processors and data fiduciaries according to the provisions of the new Act.Data Protection Bill

• Personal data is defined as data pertaining to an identifiable individual.
• The Ministry of Electronics and Information Technology has been discussing digital personal data and its protection, culminating in the 'Digital Personal Data Protection Bill, 2023.'
• The draft Bill aims to establish a framework for processing digital personal data that respects both individuals' rights to safeguard their data and the necessity of processing data for legitimate purposes.

Provisions

• The Bill is applicable when processing digital personal data within India, under the following circumstances: Data is collected online & Data is collected offline and then digitized.
• It also applies to the processing of personal data outside India if the purpose is to offer goods or services within India.
• Personal data can only be processed for lawful purposes with the individual's consent.
• For individuals below 18 years of age, consent must be granted by a parent or legal guardian.
• Rights of Data Principal: A data principal, who is an individual undergoing data processing, possesses the following rights:
• The right to obtain information regarding the processing of their data.
• The right to request the correction and deletion of their personal data.
• Personal data beyond India: It permits the transmission of personal data beyond India, barring countries that have been prohibited by the central government through an official notification.