Shrutika Patil, Pune
On Monday, despite persistent opposition chants, the Lok Sabha approved the Digital Personal Data Protection Bill, 2023, through a voice vote. This bill sets out stipulations for businesses engaged in online data collection, with the exception of governmental bodies and law enforcement agencies.
Ashwini Vaishnaw, the Union Minister for Communications, Electronics, and Information Technology, introduced the bill in the Lok Sabha on August 3. This was met with opposition members’ requests to refer it to a parliamentary panel for examination.
The bill’s classification as a money bill was also challenged by the opposition. However, government sources subsequently clarified that the bill would be treated as a regular bill, not a money bill.
Additionally, the bill, presently awaiting consideration in the Upper House, introduces modifications to the 2005 Right to Information Act, eliminating exemptions that were previously applicable to disclosing personal information in the public interest.
As stipulated in the bill, the central government will possess the authority to exempt “any instrumentality of the state” from adverse consequences, citing national security, foreign government relations, and maintenance of public order as potential grounds.
The core objective of the Digital Personal Data Protection Bill 2023 is to establish an extensive framework for safeguarding personal data. This framework extends its coverage to personal data gathered in India, encompassing both digitized online and offline data.
Moreover, the regulations outlined in the bill will apply to data processing occurring outside of India if it involves providing goods or services to individuals within the country.
Provisions that privacy experts raised concerns about, such as the exceptions for the Centre, have been retained in the original form of the bill as initially proposed in November of the previous year. The new iteration of the bill also confers virtual censorship authority to the Centre.
In response to apprehensions raised from various quarters, IT Minister Ashwini Vaishnaw argued that exemptions for the Centre were essential. He posed questions such as, “In cases of natural disasters like earthquakes, should the government delay data processing to seek consent, or act promptly to ensure safety? When the police are conducting an investigation to apprehend an offender, should their consent be sought?” Vaishnaw queried.
This constitutes India’s second endeavor to draft privacy legislation, following at least three previous attempts at enacting a data protection law that the government contemplated but set aside.
The bill, arriving six years after the Supreme Court enshrined the “Right to Privacy” as a fundamental right, incorporates provisions to curb the misuse of individuals’ data by online platforms.