The work on the data protection bill started after the Supreme Court in August 27 ruled that 'Right to Privacy' is a fundamental right.
Digital Personal Data Protection (DPDP) got the approval of the Union Cabinet on Wednesday.
The bill that aims to make entities like internet companies, mobile apps, and business houses more accountable and answerable about collection, storage and processing of the data of citizens as part of “Right to Privacy”, will be tabled during the monsoon session of Parliament, reported PTI quoting a source.
The Cabinet has approved a draft of the DPDP bill. It will be tabled in Parliament in the upcoming session,” the source said.
The monsoon session of Parliament is scheduled to be held from July 20 to August 11.
The work on the data protection bill started after the Supreme Court in August 27 ruled that “Right to Privacy” is a fundamental right.
The government had in August withdrawn the personal data protection bill, which was first presented in late 2019, and issued a new version of the draft bill in November 2022.
The source did not share changes that have been made in the bill but said that most of the provisions that were present in the draft issued by the Ministry of Electronics and IT (Meity) in November 2022 are part of the approved draft.
“The draft was placed before Cabinet after extensive consultation. A total of around 21,660 suggestions were received on the draft and each one of them were considered. Consultations were held with 48 organisations outside the government and 38 within the government before finalising the draft,” the source said.
Once approved, several entities, both public and private, will need to seek consent from users to collect and process their data.
The draft bill had earned criticism around the government getting power to exempt entities from various clauses of the bill.
The draft issued by Meity exempted entities notified by the Centre from giving notice to citizens to explain details of purpose of data collection and purpose of processing it.
The source said that there will be an exemption for some government or government-notified entities in special cases like pandemic, law and order etc., the source said. When asked about provisions that the draft has to check misuse of data collected by the central and state agencies, the source said there is no blanket exemption to government entities and the bill when enacted as law will evolve gradually.
The source said that the Data Protection Board will resolve issues on a case to case basis.
Meity’s draft bill had proposed to omit Section 43 A of the IT Act, which relates to the provision for compensation to be paid to victims in case of data protection.
The source said that the Data Protection Board (DPB) will decide on the disputes as per the clause in the bill but victims will have the right to claim compensation by approaching civil courts.
The bill proposes to levy a penalty of up to Rs 250 crore on entities for every instance of violation of norms in the bill.
However, in case multiple people are impacted by the violation of norms then DPB will assess the impact and decide on the scale of the penalty, the source said.
“In case of disputes, the Data Protection Board will decide. Citizens will have the right to claim compensation by approaching civil court. There are a lot of things that will evolve gradually,” the source said.
According to the source, individuals will have the right to seek details about their data collection, storage and processing once the law is implemented.
The source said that the bill does not differentiate between sensitive and non-sensitive data but lays down broad principles that need to be followed for collection, storage and processing of data.