The Digital Personal Data Protection Bill 2022 tries to protect personal data while also pursuing users’ consent in what the draft claims are “precise and plain speech,” depicting the identical kinds of data that will be composed and for what purpose.
Divisions of “significant” dimensions – founded on aspects such as the volume of information they process – should appoint an autonomous data auditor to evaluate compliance with provisions of the law.
Enterprises will be mandated to stop controlling user data if it no longer suits the business objective for which it was amassed. However, users shall have the right to modify and erasure their data.
The administration will have the power to specify the countries where companies can transfer personal data. This will allow businesses to send user data to servers in nations on that list. In addition, the government will establish a “Data Protection Board” to ensure compliance with the proposed law. The board will also hear user complaints.
The Data Protection Board can impose financial fines for non-compliance. The draft proposal said that the collapse of commodities to take reasonable security precautions to prevent data infringements could result in penalties of up to 2.5 billion rupees ($30.6 million).
No company or institution will be entitled to process private data that is “likely to cause harm” to children, and advertising cannot target juveniles. In addition, parental consent will be required before processing any confidential data of a child.
The law will cover unique data collected online and digitized offline data. It will also apply to processing confidential data abroad if such data involves profiling Indian users or selling assistance to them.