INTRODUCTION
India, being a developing country, is undergoing fast growth, notably in the field of technology. India’s evolution to a totally internet-driven economy is one such exceptional example. However, in a nation like India, a lack of data protection legislation has compromised the expectation of privacy stipulated in the Indian Constitution; the importance of such laws has been reaffirmed by the court’s decision in the case of K.S. Puttaswamy, J. v. Union of India, and others.
A tremendous quantity of confidential data has been created as a consequence of the increasing number of individuals utilising the worldwide web and the widespread usage of technology. This information has been collected without the consent or responsibility of individuals, raising questions regarding privacy issues.
The Information Technology (IT) Act of 2000 is currently governing the collection and use of personal data in India. This means that this strategy has been judged to be inadequate for maintaining personal data protection. In 2017, the national government created the Committee of Specialists on Data Protection, led by Judge B. N. Sri Krishna, for the purpose of investigating concerns about data protection in the country. The committee presented its report in July 2018.
BACKGROUND
The need for laws to protect confidential data in India has been brought about by the nation’s continually shifting legislative and governmental environment, in addition to the implementation of GDPR. This paved the way for the 2019 Personal Data Protection “Bill,” which highlighted the need for stiffer repercussions and enhanced information protection. Based on the Committee’s recommendations, the Personal Data Protection Bill, 2019, was put forward in Lok Sabha in December 2019. A Parliamentary Commission was tasked with assessing the bill, and its recommendations were due in December 2021.
Regardless, the combined committee to which the bill originally went forward studied it extensively and recommended 81 changes and 12 comments in order to develop effective data protection laws. After considering the suggestions of the joint parliamentary committee, the administration chose to abandon the bill on August 3, 2022, and replace it with a new one that corresponds to the approved comprehensive legal framework.
CURRENT SCENERIO
Considering a review of numerous issues concerning digital private data and its safeguarding, the MEITY Ministry of Electronics and Information Technology prepared the Digital Personal Data Protection Bill, 2022, which was presented on November 18, 2022.
If passed by the legislature, it will replace the 2011 regulations as well as portions of the present laws. The measure attempts to put obligations on companies that determine the objectives and approaches of data processing (known as “data fiduciaries”). Organisations that collect data that is personally identifiable from users for the sole purpose of marketing and delivering food products, for example, infer that the goal of collecting is to aid in the purchase and transportation of products. It also tries to regulate companies that handle this type of knowledge (also referred to as “data processors”) in keeping with the companies’ wishes.
As an illustration, if an application employed the services of a remote storage provider for keeping sensitive data, the provider would operate solely on guidelines from the company in question. Aside from that, the law determines the legal rights of individuals (commonly referred to as “data principals”) to whom personal data belongs.
SCOPE OF THE NEWLY PRESENTED BILL
The previously announced Digital Personal Data Protection Bill 2022 has been the focus of a heated discussion. It is of the utmost importance to maintain the debate in order to ensure that a greater number of individuals become cognizant of the proposal’s flaws. The Solicitor General additionally indicated on the last day of January 2023, in a speech delivered shortly beforehand to the top court of India, that a data protection bill would be filed with the legislature in the second half of the budgetary session in 2023. As a consequence, this idea might become law in the next few months. The brief includes fresh information that was undertaken to ensure that everyone in the neighbourhood can have a substantive discussion about the strategy.
The DPDPB, which merely attempts to regulate personal data, excludes non-personal data from its scope. For the first time in India, the pronouns “she” and “her” were used when describing persons of any gender in the Digital Privacy Bill 2022.
Between the additional definitions, the DPDPB includes novel concepts such as “data principal” (the person to whom the personally identifiable information relates, which may include the individual’s parent’s or legal guardian if the individual in question is a child) and “data fiduciary relationships (the