Why in Broadcast?

• The Union Cabinet has approved the draft of The Digital Personal Data Protection Bill, 2022, which is expected to be tabled in Parliament’s Monsoon Session that begins on July 20.

Purpose

• The purpose of this Act is to provide for the processing of digital personal data in a manner that recognizes both the right of individuals to protect their personal data and the need to process personal data for lawful purposes, and for matters connected therewith or incidental thereto.

Application of the Act

• The provisions of this Act shall apply to the processing of digital personal data within the territory of India where:

• Such personal data is collected from Data Principals online; and
• Such personal data collected offline, is digitized.

• The provisions of this Act shall also apply to processing of digital personal data outside the territory of India, if such processing is in connection with any profiling of, or activity of offering goods or services to Data Principals within the territory of India.
• The provisions of this Act shall not apply to:

• Non-automated processing of personal data;
• Offline personal data;
• Personal data processed by an individual for any personal or domestic purpose; and
• Personal data about an individual that is contained in a record that has been in existence for at least 100 years.

Amendments

• The Information Technology Act, 2000 (“IT Act”) shall be amended.
• Clause (j) of sub-section (1) of section 8 of the Right to Information Act, 2005 shall be amended.

Concerns Related to the Draft Bill

• The Bill approved by the Cabinet is understood to have largely retained the contents of the original version that was proposed in November 2022.
• Wide-ranging exemptions for the central government and its agencies, which were among the most criticised provisions of the previous draft, are understood to have been retained unchanged.
• The control of the central government in appointing members of the data protection board is learnt to have been retained as well.
• There is also concern that the law could dilute the Right to Information (RTI) Act, as personal data of government functionaries is likely to be protected under it, making it difficult to be shared with an RTI applicant.

Comparison with other Countries

• According to UNCTAD, an estimated 137 out of 194 countries have put in place legislation to secure the protection of data and privacy.

Adoption Rate:

• Africa: 61% (33 countries out of 54)
• Asia: 57% (34 countries out of 60)
• Least Developed Countries: 48% (22 out of 46)

EU Model:

• The GDPR focuses on a comprehensive data protection law for processing of personal data.
• It has been criticised for being excessively stringent, and imposing many obligations on organisations processing data.

US Model:

• Privacy protection is largely defined as “liberty protection”.
• It enables collection of personal information as long as the individual is informed of such collection and use.