DATA PROTECTION LAW (Syllabus: GS Paper 2 – Governance)

Context: The telecom industry recently requested a two-year delay in implementing the data protection law due to concerns about the vague age-gating provision.

Data Protection Bill

• Personal data is defined as data pertaining to an identifiable individual.
• The Ministry of Electronics and Information Technology has been discussing digital personal data and its protection, culminating in the 'Digital Personal Data Protection Bill, 2023.'
• The draft Bill aims to establish a framework for processing digital personal data that respects both individuals' rights to safeguard their data and the necessity of processing data for legitimate purposes.

Provisions

• The Bill is applicable when processing digital personal data within India, under the following circumstances: Data is collected online & Data is collected offline, and then digitized.
• It also applies to the processing of personal data outside India if the purpose is to offer goods or services within India.
• Personal data can only be processed for lawful purposes with the individual's consent.
• For individuals below 18 years of age, consent must be granted by a parent or legal guardian.
• Rights of Data Principal: A data principal, who is an individual undergoing data processing, possesses the following rights:

o The right to obtain information regarding the processing of their data.

o The right to request the correction and deletion of their personal data.

• Personal data beyond India: It permits the transmission of personal data beyond India, barring countries that have been prohibited by the central government through an official notification.