Draft DPDP Bill has exempted certain entities notified as data fiduciaries by govt from various compliances
The government will not be able to violate the privacy of citizens under the proposed data protection law as it will get access to personal data only in exceptional circumstances like national security, pandemic and natural disasters, Minister of State for Electronics and IT Rajeev Chandrasekhar said.
The draft DPDP Bill has exempted certain entities notified as data fiduciaries by the government from various compliances, including sharing details for the purpose of data collection. The provisions from which government-notified entities will be exempted deal with informing an individual about the purpose for data collection, collection of children’s data, risk assessment around public order, and appointment of a data auditor, among others.
The bill proposes to exempt government-notified data fiduciaries from sharing details of data processing with the data owners under the “Right to Information about personal data”. The draft DPDP Bill also bars individuals from sharing unverifiable and wrong information with data handling entities, which some people believe will deter anonymization on internet platforms, especially on social media.
Speaking during an online discussion, the Minister said the National Data Governance Framework Policy has a provision for handling the anonymization of data — which is not part of the draft Digital Personal Data Protection (DPDP) Bill 2022.
Chandrasekhar also said the proposed Data Protection Board – which will adjudicate matters related to data protection – will be independent and will not have any government officer on the board.
“Let us say that the government wants to essentially violate the privacy of citizens with this law. Is it possible? That’s the question. The answer is no. The bill and laws lay out in very clear terms what are the exceptional circumstances under which the government can have access to the personal data of Indian citizens…. national security, pandemic, healthcare, and natural disasters. These are exceptions. Just like freedom of speech is not absolute and is subject to reasonable restriction, so is the right to data protection,” Chandrasekhar said.
The Minister further said the National Data Governance Framework has provisions to deal with anonymous data while the scope of the DPDP Bill is limited to personal data protection only. “We have a National Data Governance Framework Policy that is to deal with the entire non-personal data and anonymized data space. This (DPDP Bill) is a very narrow well-defined legislation to do with digital personal data protection.
“The anonymized data, standards of anonymization, the use of anonymous data, etc. are all going to be decided by the India Data Management Office (IDMO) under MeitY,” Chandrasekhar said. He said before IDMO’s launch, there will be again a conversation about the non-personal data framework.
The Minister said the Data Protection Board (DPB) will be an independent body and it says so in the bill — ‘independent of the government’. “You will not find people like me or bureaucrats sitting on the Data Protection Board. It is important to understand that DPB is not a regulator. DPB is an adjudication mechanism to adjudicate a breach that has occurred. It is independent as the government will not be on the board,” Chandrasekhar said.
He added that the DPB will have oversight of the high court because all of its decisions will be scrutinized by the court system. “The punitive consequences of data breaches that we have mentioned in the bill should act as deterrent, catalyze the behavioral change in all data platforms in the way they look at the personal data of Indian citizens. They will look at it with more responsibility,” the Minister said.
PGurus is now on Telegram. Click here to join our channel and stay updated with all the latest news and views
For all the latest updates, download PGurus App.
- Lalit Modi plans to sue Rahul Gandhi in UK court over ‘fugitive’ jibe - March 30, 2023
- Traders’ body CAIT seeks empowered Regulatory Authority to monitor & regulate e-commerce - March 30, 2023
- Centre exempts import duty on drugs, food for special medical purposes for personal use to treat rare diseases - March 30, 2023
Do not understand what it means, when IT servers are hacked, no qualified auditors in India, no IT knowledge other than making HTML websites, good only for lawyers, rest is garbage