The Digital Data Protection Bill, which the Central government is working on, is expected to be introduced in the forothcoming Budget Session of 2023-24. The Bill is presently in its draft stage and has been placed in the public realm for consultation.
The Digital Personal Data Protection Bill is legislation that frames out the rights and duties of the citizen on one hand and the Obligations to use collected data lawfully of the Data Fiduciary on the other hand. The bill is based on the following principles around the Data Economy.
The first principle is that the collection and usage of personal data by organisations must be done in a manner that is lawful, protect the data of the individuals concerned and is transparent to individuals.
The 2nd principle of Purpose and Storage limitation is that the personal data is used only for the purposes for which it was collected and only stored for the duration as is necessary for the purpose that it was collected. The third principle of data minimisation is that only collection of data will be limited to only those personnel that is required for the purpose specified.
The 4th principle is Data protection and Accountability is that the responsibility of processing the data is with the person who collects the Data and the Data collected will be stored in a secure manner with no unauthorised use of the data or personal data breach. The fifth principle is Personal data collected will be stored in an accurate manner.
Reasonable effort is being made to make certain that the personal data of the individual is accurate and kept up to date. That the citizen will have the right to inspect his/her data and/or delete/modify it as required.
The 6th principle is mandatory reporting of breaches and fair, transparent and equitable adjudication of breaches of Fiduciary obligations by a Data Protection Board.
These principles have been used based on personal data protection laws in various jurisdictions. The actual implementation of such laws has allowed the emergence of a more nuanced understanding of personal data protection wherein individual rights, public interest and Ease of doing business, especially for startups are balanced.