India’s digital landscape seems to be headed in a new direction with introduction of the Digital Personal Data Protection Bill (DPDPB), 2023. With the Lok Sabha, lower house of the Parliament, approving the bill on August 7, 2023, data-oriented platforms are expected to implement various checks and balances to protect personal identifiable information (PII) and other data. As stated in the bill, it aims to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto. “DPDPB, 2023, aims to establish the rights of individuals concerning their data while imposing obligations on organisations that collect, process, or store such data. I think the bill introduces measures to protect personal data, ensure transparency, and facilitate user control over their data,” Nick Bahl, co-founder, ReelStar, a multi-blockchain company, told FE TransformX.
From what it’s understood, the bill intends to bolster the market around data-focussed corporations. According to PRS Legislative Research, a non-profit organisation, responsibilities of data fiduciaries will involve supporting data accuracy, ensuring data safety, and removing data post fulfilment of purposes. The organisation also stated that individual rights’ will include the right to gain data, explore correction and deletion, and grievance redressal. The government has further levied a penalty of Rs 200 crore in the bill for breach of child-based duties and Rs 250 crore for lack of security practices around data management.
Reportedly, the bill permits personal data-oriented transactions beyond India, excluding countries informed by central government. The right for creation of Data Protection Board of India will fall under central government, with appointments to be made for two years and eligibility for re-appointment. “DPDPB, 2023, can enhance data security and accountability, to promote a transparent and ethical handling of personal data. By emphasising on Know Your Customer/Anti-Money Laundering regulations, the bill intends to ensure an authentication process that can protect individuals from fraudulent activities,” Shrikant Bhalerao, founder and CEO, Seracle, a blockchain cloud company, highlighted.
Market experts suggest that DPDPB, 2023, can cause data compliance implications for business platforms. Going by market-based data, it’s been found that the bill contradicts policies associated with Section 43A of Information Technology Act, 2000, that requires companies to indemnify users upon botching their data. Moreover, other pointers associated with the bill are exceptions for governments and agencies, dilution of data protection board’s capabilities, and revision of Right to Information Act, 2005. The bill is believed to not take into account the right to data portability, along with implementation of guidelines around personal data-based issues.
Furthermore, DPDPB, 2023, seems to be providing legislative support for Supreme Court’s decision in Justice K S Puttaswamy (Retd) Vs Union of India Case (2017). During the case’s hearing, it was upheld that Indians hold constitutionally protected rights for privacy, which is considered important under Article 21. It is predicted that the bill will ensure cross-border data transactions are met with regulations, which should be a boon for global business environment. “I think the future is built on data. Through the bill, we can recognise the importance of protecting personal data and creating an official grievance redressal system for misuse. With data privacy and protection legislation, the country should move towards mainstream adoption of data management infrastructure like blockchains,” Edul Patel, co-founder and CEO, Mudrex, a crypto-investing platform, concluded.
