The Union Cabinet has cleared the way for the Digital Personal Data Protection Bill to be introduced in Parliament during the monsoon session. Following talks with both government and non-government organisations, the draft Bill was passed. Many twists and turns have occurred in the proposed law. The Centre tabled the Personal Data Protection Bill in the Lok Sabha in December 2019 and swiftly submitted it to a joint parliamentary committee. The panel took two years to complete its report, in which it suggested that the section allowing the Centre to “exempt the processing of personal data by a government agency from the application of any or all provisions of the Bill” have necessary safeguards to avoid misuse.
In the end, the Bill was dropped in August 2022. Three months later, the government published the proposed Digital Personal Data Protection Bill and began public discussions. The proposal created controversy because it exempted companies notified by the Centre from providing individuals with information about the purpose of collecting and processing personal data. It is encouraging to the public that the current draught allegedly does not grant blanket exemption to government entities, despite the fact that a heavy penalty of up to Rs 250 crore has been mooted for violations of the Bill’s provisions.
The significance of personal data security and privacy cannot be overstated. The CoWIN issue, in which there was an alleged breach of Covid vaccination recipients’ data, spurred the authorities to launch an extensive investigation. Data security should be a primary emphasis in the new Bill. An important transparency clause prevents governmental and commercial organisations from collecting and utilising people’s data without their consent. Striking a balance between people’s entitlement to personal data protection and the need to process such data for authorised reasons will be a litmus test for the proposed law.