Legal and Regulatory Aspects or Data Privacy Laws
Many countries have enacted data privacy laws that govern the collection, storage, and use of personal data. In India the Digital Personal Data Protection Bill, 2023* was passed on 07.08.2023. It lays down the obligations of entities handling and processing data as well as the rights of individuals. The bill proposes a maximum penalty of Rs 250 crore and minimum of Rs 50 crore on entities violating the norms.
Key provisions of the bill*
- In case of a data breach, companies must inform the Data Protection Board (DPB) and users
- Children’s data and data of physically disabled persons with guardians must be processed after consent from guardians
- Firms must appoint a Data Protection Officer, and provide such details to users
- The Centre retains the power to restrict the transfer of personal data to any country, or territory outside India
- Appeals against DPB decisions to be heard by the Telecom Disputes Settlement and Appellate Tribunal
- DPB may summon, examine people under oath, inspect books, and documents of companies working with personal data
- DPB to decide on penalty after considering the nature and gravity of the breach, the type of personal data impacted
- DPB may advise government to block access to an intermediary, if DPDP Bill provisions are breached more than twice