Data Protection Bill 2022
Three months after dropping the Personal Data Protection Bill 2022, after a parliamentary panel requested as many as eighty-one revisions, the administration unveiled a draught of the new data privacy law to solicit public opinion.
The government has introduced the proposed legislation as the “Digital Data Personal Protection Bill, 2022.” ‘To provide for the processing of digital personal data that recognizes the right of persons to protect their data, the necessity to process it for personal purposes, and for other incidental objectives,’ the draught states as its purpose.
The following are critical elements of the proposal of the Digital Data Personal Protection Bill, 2022:
1. It is noteworthy that the pronouns “her” and “she,” regardless of a person’s gender, have been employed for the first time in the nation’s legislative process. According to the draught, this is the government’s ideology of empowering women.
2. The measure is founded on seven guiding principles, including the authorized use of personal data by organizations, purpose restriction, data minimization, accuracy assurance, storage restriction, breach prevention, and accountability for data processing.
3. To prepare it, best practices from around the world were considered, including a review of the data protection laws in Australia, the European Union (EU), Singapore, and a potential direction in the USA.
4. There are six “Chapters” in the draft for 25 points. Preliminary, Obligations of Data Fiduciary, Rights and Duties of Data Principal, Special Provisions, Compliance Framework, and Miscellaneous are the “Chapters.”
5. It employs the phrases “Data Principal,” “Personal Data,” “Data Fiduciary,” “Processing,” and “Public Interest” in several contexts with distinct intended meanings.
6. Provision has been established to make essential information available to individuals in languages under the 8th schedule of the Constitution, allowing them to fairly assess a situation in which their data is being requested.
7. Only the following justifications can be used to process personal data: Processing is done solely in line with the terms of this bill; Processing is done for the reason that is not prohibited by law; and Processing is done with the person’s prior agreement.
8. Processing personal data that could endanger children is not permitted. Transfer of personal data to specified notified countries for cross-border interaction will be allowed, but only after the government has evaluated all pertinent factors.