The Digital Personal Data Protection Bill, 2023, recently secured parliamentary approval, prompting discussions about its implications. Led by Ashwini Vaishnaw, Union Minister for Communications, Electronics, and Information Technology, the bill is set to bring about significant changes in business practices and privacy principles. Vaishnaw addresses critical aspects of the bill in this analysis.
Shift to Blacklisting Approach
The final version of the bill moved away from the concept of trusted geographies to adopt a blacklisting approach. Vaishnaw explains this shift by highlighting the global nature of digital transactions, emphasizing the need to protect sensitive data exchanged across borders. This change is expected to boost India’s IT industry’s global appeal, enabling it to secure international collaborations.
Impact on Business Compliance Costs
Vaishnaw allays concerns about heightened compliance costs for businesses. With extensive consultations involving various stakeholders, he asserts that many processes are already aligned. The industry’s feedback indicates that the law’s implementation won’t impose significant additional compliance burdens. Instead, the law is set to foster behavioral changes within businesses.
Data Localization Norms and Sector-Specific Regulations
Vaishnaw clarifies that the bill’s privacy principles apply universally, regardless of data location. He emphasizes that the bill sets a foundational standard for all sectors while permitting specific sectors to establish additional regulations. This approach allows industries to tailor data practices to sector-specific requirements, promoting both uniformity and customization.
Ensuring Accountability and Consent
The bill enforces accountability by placing responsibility on data-collecting entities, irrespective of their global location. Vaishnaw clarifies that this approach eliminates joint liability for data processors and squarely places responsibility on data fiduciaries. The bill also underscores the importance of clear and specific user consent, drawing from international best practices to streamline the process.
Withdrawal of Consent and Blocking Orders
Regarding consent withdrawal, Vaishnaw explains that personal data must be erased from all points of sharing by the data fiduciary. He introduces the provision of issuing blocking orders against data fiduciaries repeatedly violating privacy rights. This provision aims to strengthen privacy protections by imposing severe actions against repeat offenders while maintaining necessary safeguards.
The Digital Personal Data Protection Bill, 2023, introduces comprehensive measures to address privacy and business concerns. It showcases India’s commitment to align with international standards while safeguarding its citizens’ data privacy rights.