The Rajya Sabha on Wednesday passed the Digital Personal Data Protection Bill, 2023 which aimed at safeguarding citizen’s right to personal information, and ensuring need to use personal data for lawful purposes.
“The Rajya Sabha has approved the Digital Personal Data Protection Bill 2023.
This Bill, currently pending presidential assent, poised to reshape how businesses handle personal data within India.
Notably, the Bill introduces a negative-list approach for cross-border data transfers, allowing data flow to all jurisdictions by default, unless expressly prohibited. However, stricter local laws governing data transfer will take precedence,” says Supratim Chakraborty, Partner, Khaitan & Co
Provisions of the bill will apply to digital personal data within India collected both online or offline and digitised. Processing of personal data outside will also come under the ambit of the bill if it is for offering goods or services in India.
The bill lays down that the provisions of the Act will not apply to the processing of the personal data by an instrumentality of the state, as notified by the Central government citing sovereignty and integrity of India, security of the State, friendly relations with foreign States, and maintenance of public order, among others
Responding to the concerns IT and Communications minister Ashwini Vaishnav said while moving for the passage of the bill in Lok Sabha, “If a natural disaster takes place, forms and notices for processing personal data should a priority for the government or safety of citizens should accorded a priority.”
Vaishnaw added that the Section 2B defines the loss which could compensated through the law of torts. Right to forgotten is in Section12 in the form of the right to be erased while the Section 16 of the bill has clear provisions for data localisation.