The Digital Personal Data Protection Bill of 2023 has been approved by the Lok Sabha through a voice vote today. Minister Ashwini Vaishnaw, in his bill introduction, emphasised its objective to safeguard the right to privacy. He informed that the bill underwent comprehensive discussions within the IT Standing Committee and underwent thorough consultation procedures.
The minister said, “If there is a natural disaster somewhere, should the authorities then be giving data notices or taking consent, or should they be safeguarding lives? If the police have to catch a criminal, should the police care about writing forms or catching the criminal?”
Key Highlights of the Bill
– The bill focuses on user-friendly language.
– Emphasis on using she/her pronouns.
– Adherence to fundamental principles such as legality, purpose limitation, data minimisation, accuracy, storage limitation, reasonable safeguards, and accountability.
– Introduction of voluntary engagement and alternative dispute resolution, enabling entities to approach the Data Protection Board (established under the bill) for rectifying any errors.
Drawing a comparison, the Minister likened the Bill to the European Union’s GDPR, highlighting that while the GDPR has 16 exemptions, the DPDP only has 4.
He further said, “The DPDP Bill has inculcated several provisions for data protection. Firstly, principle of legality where if any platform takes any data, it mandates that the data should be taken legally. Secondly, the principle of purpose limitation mandates that the data should only be taken for the purpose that is mentioned…,” adding that the other principles include, that of data minimisation, principle of accuracy, storage limitation and reasonable safeguard.
Support for the DPDP came from BJP MP PP Chaudhary, former Chairperson of the Joint Parliamentary Committee for the PDP Bill. He noted that consent can be revoked at any time and that government services providing benefits do not necessitate consent.
However, YSRCP MP Srikrishna Lavu expressed concerns. He pointed out the absence of a clear definition of ‘harm’ for determining compensation and the lack of provisions for data portability and the right to be forgotten in the bill. He also raised concerns about executive control over the Data Protection Board. Lavu brought attention to the impact on children’s data, stating that the Bill could restrict internet access for those under 18, even though those over 14 are allowed to work. He underscored the reliance on parental consent, considering the limited computer and internet literacy among Indians.
Shiv Sena MP Shrikant Shinde highlighted the bill’s potential to combat pesky spam calls.
BSP MP Ritesh Pandey expressed apprehension over the Union government’s retained authority concerning individual data rights. He labelled the Union government as the principal fiduciary and voiced concerns about content blocking based on the Data Protection Board’s decisions.
BJP MP Sanjay Seth raised concerns about children’s data collection during shopping and how the bill would affect targeted advertising by play-schools after its enactment.
Various concerns were also raised about the proposed amendment to Section 8(1)(j) of the RTI Act, 2005, centralisation of power through exemptions, potential state surveillance, and increased censorship.
The Minister provided explanations for these concerns: first, the bill has different rules for different apps depending on how old you are; second, parents can use Digilocker to agree to things; third, there are important parts in the bill called “Right to be Forgotten” and “Independence of the DPB”; fourth, the Parliament can’t make all the rules it wants, there are some restrictions; fifth, a group of organisations will team up (DPB – TDSAT – SC); and finally, one change got approved to fix something in Section 37.