DATA PROTECTION LAW (Syllabus: GS Paper 2 – Governance)

News-CRUX-10     9th October 2023        
QEP Pocket Notes

Context: The telecom industry recently requested a two-year delay in implementing the data protection law due to concerns about the vague age-gating provision.

Data Protection Bill

  • Personal data is defined as data pertaining to an identifiable individual.
  • The Ministry of Electronics and Information Technology has been discussing digital personal data and its protection, culminating in the 'Digital Personal Data Protection Bill, 2023.'
  • The draft Bill aims to establish a framework for processing digital personal data that respects both individuals' rights to safeguard their data and the necessity of processing data for legitimate purposes.

Provisions

  • The Bill is applicable when processing digital personal data within India, under the following circumstances: Data is collected online & Data is collected offline, and then digitized.
  • It also applies to the processing of personal data outside India if the purpose is to offer goods or services within India.
  • Personal data can only be processed for lawful purposes with the individual's consent.
  • For individuals below 18 years of age, consent must be granted by a parent or legal guardian.
  • Rights of Data Principal: A data principal, who is an individual undergoing data processing, possesses the following rights:

o The right to obtain information regarding the processing of their data.

o The right to request the correction and deletion of their personal data.

  • Personal data beyond India: It permits the transmission of personal data beyond India, barring countries that have been prohibited by the central government through an official notification.
QEP Pocket Notes