Digital data protection Bill, 2022

What is data protection?

As we know that data is now considered an asset to any country or person which must be protected. Data protection is necessary in order to regulate the Security of individuals’ personal data and regulate the collection, usage, transfer, and disclosure of the said data. Also, they provide access to data of the individuals and place accountability measures for organizations processing personal data. Supplements it by providing remedies for unauthorized and harmful processing, and increase in user-generated data. As our personal data can be shared across the globe for any usage such as business, job, etc so the exponential industrial value of data has been needed.

Digital data protection
Digital data protection

Digital data protection bill, 2022

  • It defines the rights and duties of ‘digital nagriks’ or citizens while laying out the process and rules for data collection when it comes to companies.
  • It imposes huge penalties for violations of any provisions of the legislation.
  • The data protection board of India will be created according to this law and will be responsible for supervising the process by which companies are making data.
  • Orders of the board can be challenged in a higher court.
  • The law is based on the use of personal data by organizations and institutions must be done in a manner that is lawful, fair to the individuals concerned, and transparent to individuals.
  • Personal data must only be used for the reasons for which it was collected.
  • We must do data minimization that is unnecessary or irrelevant data or information should be minimized.
  • Taking care of data accuracy when it comes to collection.
  • Personal data that is collected cannot be stored perpetually by default and storage should be limited to a fixed time period.
  • There should be reasonable safeguards to ensure there is no unauthorized collection or processing of personal data.
  • The person who decides the aim and means of the processing of personal data should be accountable for such processing.
  • There are two terms used in it that is data principal and data fiduciary, ‘Data Principal denotes the individual whose data is being collected. ‘Data Fiduciary’ denotes the entity which decides the purpose and means of the processing of an individual’s personal data.
  • In the case of children, their parents or lawful guardians will be considered their ‘Data Principals’
  • Personal data is “any data through which or in relation to which an individual can be identified”.
  • Processing defines the entire cycle of operations that can be carried out in respect of individual data.  
  • Every individual should know what items of personal data a Data Fiduciary is willing to collect and the purpose of such collection and further processing.
  • Individuals also have the right or the authority to withdraw consent from a Data Fiduciary.
  • They will provide grievance redressal and an independent Data auditor.
  • It allows for cross-border storage and transfer of data to ‘certain notified countries and territories.
  • Significant penalties on businesses that undergo data breaches or failed to inform users when breaches happen can go as high as Rs 250 crore.
  • The government could also exempt certain businesses from adhering to the provision of the Bill.


Data protection
  • Widely ranged exemptions to the center and its agencies.
  • Just 30 clauses compared to the more than 90 in the previous data protection bill of 2019.
  • The appointment of the chairperson and members of the Data Protection Board totally goes to the discretion of the central government.

Comparison with other countries

  • 137 out of 194 countries have data protection bills.
  • Africa and Asia showed 61% and 57% adoption respectively.
  • Only 48% of least-developed countries have data protection and privacy laws.
  • European Model- The GDPR emphasizes mainly on a comprehensive data protection law for the processing of personal data.
  • The right to privacy is set down as a fundamental right.
  • European Charter of Fundamental Rights recognizes the right to privacy as well as the right to protection of personal data,
  • US Model- “liberty protection”
  • Individual’s personal space from the government.
  • Enables collection of personal information as long as the person is informed of such collection and use.
  • The approach to data protection is different for the public and private sectors.
  • The activities and powers of the government’s personal information are sufficiently well-defined and addressed by broad legislation.
  • Privacy Act, the Electronic Communication Privacy Act, etc.
  • China Model– Personal Information Protection Law(PIPL) which was notified in November 2021.
  • It gives Chinese data principals new rights as it offers to prevent the misuse of personal data.
  • Penalties are RMB 50 million, or up to 5% of a company’s turnover in the previous financial year.
  • Suspend operations until they demonstrate compliance.
  • Impacts on individuals with anyone directly responsible for data protection personally facing fines of up to RMB 1 million.

Read more on TechRuled

Leave a Reply

Your email address will not be published. Required fields are marked *