Budget 2023Budget 2023


  • Tata AIA Life Insurance
  • Hafele
  • Motilal Oswal
  • SMC Global Securities Limited
  • SBI Life
  • DSP Mutual Fund
Upcoming Event : LeapToUnicorn - mentoring, networking and fundraising for startups. Register now
you are here: HomeNewsOpinion

Data Protection Bill | Further discussions may give a more comprehensive law

Keeping in mind the Government of India’s foremost objective of enabling a safe online environment for individuals, it appears that these penalties of up to Rs 500 crore have been prescribed as a deterrent

November 23, 2022 / 02:51 PM IST
Representative image

Representative image

In early August, the Ministry of Electronics and Information Technology (MeitY) had withdrawn the Personal Data Protection Bill 2019, indicating that another comprehensive Bill would be subsequently released. On November 18, MeitY released the draft Digital Personal Data Protection Bill 2022 for public consultation.

At first glance, the 2022 Bill appears to be a more pruned down version of its predecessors. While the earlier drafts of the data protection Bill released in 2018 and 2019 were more extensive, this Bill primarily identifies broad governing principles, and leaves several granular and procedural aspects to be legislated by way of subsequent rules. Further, illustrations have been used to elucidate certain key provisions of the Bill.

In a major digression from the earlier drafts of the data protection Bills, the 2022 Bill does not make a distinction between personal data and sensitive/critical personal data, and focuses on the broader set of personal data. The recommendation of the Joint Parliamentary Committee to include non-personal data within the ambit of this legislation has also not been accepted. This can be considered a better approach as regulating personal data and non-personal data under one legislation, may not be effective, and is also not an approach adopted internationally.

Several features of the Bill, especially eased data localisation norm, appear to be business-friendly. Transfer related processes have been somewhat simplified under the Bill allowing personal data to be transferred to select pre-approved cross-border jurisdictions. As expected, constitution of a dedicated data protection authority namely, the Data Protection Board of India, has been envisioned for the first time.