Support

Explore

HomeNo Image is Available
About UsNo Image is Available
AuthorsNo Image is Available
TeamNo Image is Available
CareersNo Image is Available
InternshipNo Image is Available
Contact UsNo Image is Available
MethodologyNo Image is Available
Correction PolicyNo Image is Available
Non-Partnership PolicyNo Image is Available
Cookie PolicyNo Image is Available
Grievance RedressalNo Image is Available
Republishing GuidelinesNo Image is Available

Languages & Countries :






More about them

Fact CheckNo Image is Available
LawNo Image is Available
ExplainersNo Image is Available
NewsNo Image is Available
DecodeNo Image is Available
Media BuddhiNo Image is Available
Web StoriesNo Image is Available
BOOM ResearchNo Image is Available
BOOM LabsNo Image is Available
No Image is Available
Deepfake TrackerNo Image is Available
VideosNo Image is Available

Support

Explore

HomeNo Image is Available
About UsNo Image is Available
AuthorsNo Image is Available
TeamNo Image is Available
CareersNo Image is Available
InternshipNo Image is Available
Contact UsNo Image is Available
MethodologyNo Image is Available
Correction PolicyNo Image is Available
Non-Partnership PolicyNo Image is Available
Cookie PolicyNo Image is Available
Grievance RedressalNo Image is Available
Republishing GuidelinesNo Image is Available

Languages & Countries :






More about them

Fact CheckNo Image is Available
LawNo Image is Available
ExplainersNo Image is Available
NewsNo Image is Available
DecodeNo Image is Available
Media BuddhiNo Image is Available
Web StoriesNo Image is Available
BOOM ResearchNo Image is Available
BOOM LabsNo Image is Available
No Image is Available
Deepfake TrackerNo Image is Available
VideosNo Image is Available
Explainers

Right To Erasure, Consent: Key Takeaways Of Digital Personal Data Protection Bill, 2022

While releasing the Digital Personal Data Protection Bill, 2022, the government also invited feedback from the public.

By - BOOM Team | 21 Nov 2022 5:48 PM IST

The Ministry of Electronics and IT (MeitY) on Friday released the draft Digital Personal Data Protection Bill 2022, that seeks to outline the rights of individuals when it comes to sharing their data and the legal use of such data by companies. 

This comes months after the government withdrew the controversial Personal Data Protection Bill 2019 in August this year. It was withdrawn on recommendations by the Joint Committee of Parliament amid severe scrutiny and criticism. 

The government said that with the current draft bill, citizens can make suggestions and provide feedback. It said, "No public disclosure of the submissions will be made." 

Here are the key takeaways from the Digital Personal Protection Bill, 2022: 

Individuals Must Give Consent, Be Informed Of Data Usage

An organisation or a company, the bill says, can collect data from an individual only through the rules and legalities outlined in the bill and for purposes that are not forbidden by the law.

Companies would be required to notify individuals for submitting their data. Requests for consent need to be given to the individual "in a clear and plain language"  a description of personal data that is being collected "and the purpose for which such personal data has been processed". 

In case the data is shared with a third party, the company will also be responsible for stopping the third party from processing the data. The bill cites an example, "'A' subscribes to an e-mail and SMS-based sales notification service operated by 'B'. As part of the subscription contract, 'A' shares her personal data including mobile number and e-mail ID with 'B' which shares it further with 'C', a Data Processor for the purpose of sending alerts to 'A' via email and SMS. If 'A' withdraws her consent to processing of her personal data, 'B' shall stop and cause 'C' to stop processing the personal data of 'A'." 

Companies are obliged to delete data after closure of account

According to the new bill, organisations must delete the personal data of individuals when the reason for obtaining the data ceases to exist and the retention of data is not required for "legal or business purposes".

For example social media platforms must delete personal data provided by a user while creating an account when they delete the account. In the case of banks, it can retain KYC details of a customer after closure of the bank account only for a prescribed period. 

Individuals must be informed of data breach 

Organisations or companies that store personal data of individuals must take required safety measures to protect it from being leaked or breached. 

The draft bill states, "In the event of a personal data breach, the Data Fiduciary or Data Processor as the case may be, shall notify the Board and each affected Data Principal, in such form and manner as may be prescribed." 

Obtaining data of minors 

Every organisation that needs to collect personal data of minors must do so with the consent of their parents. The draft law defines children as those below the age of 18 years. The draft law says that organisations and companies are forbidden from any processing of the data that may harm children. 

The draft law also forbids organisations from undertaking any "tracking or behavioural monitoring of children or targeted advertising directed at children".

Right to information, erasure of data 

According the this draft bill, an individual can approach the organisation or company that they have provided their personal data to and ask them to provide a summary of their personal data, if it has been processed or is being processed, who the data has been shared with and which bits of the data has been shared. 

An individual will also be within their rights to ask the company to correct or erase their personal data if required. The law states when requested for correction or erasure a company must "(a) correct a Data Principal's inaccurate or misleading personal data; (b) complete a Data Principal's incomplete personal data; (c) update a Data Principal's personal data; (d) erase the personal data of a Data Principal that is no longer necessary for the purpose for which it was processed unless retention is necessary for a legal purpose".

All Genders Referred To As She/Her

In a first, the government has drafted the a bill where all individuals of every gender were referred to as she/her.

In an explanatory note, the government said, "For the first time in India's legislative history, "her" and "she" have been used to refer to individuals irrespective of gender. This is in line with the government's philosophy of empowering women." 

Tags: