Understand the Data Protection Bill 2022 in under 5 minutes

Data Protection Bill 2022

In light of digitalization and growth of the economy enabling citizens of India to access the internet for various purposes, the Government of India has brought forward the Personal Data Protection Bill, 2022.

This bill aims to moderate the access to personal data of the citizens collected by different companies for lawful purposes in an automated manner. It focuses on recognizing the rights of individuals to protect their personal data and different organizations need to process such personal data.

Key highlights:

For the purpose of this Act, a board to be called the Data Protection Board of India shall be established, which will monitor organizations for non-compliance, violations, and in case of a breach, provide directions to remediate the situation.

Now, coming to the most important part, the matters of money – the bill proposes financial penalties on the organizations in case of non-compliance.

For failure to set up reasonable security measures to prevent data breaches, a fine of up to ₹250Cr will be imposed on organizations.

For failure to notify the board and individuals of a data breach and non-compliance in relation to rules for the underage, a fine of up to ₹200Cr will be imposed.

Failure to non-compliance with various other sections of the Act will result in a fine anywhere from ₹10,000 to ₹150Cr as per the specifics mentioned in the Bill.

The bill highlights the appointment of a Data Protection Officer based in India, by a Data Fiduciary (any person or organization determining the purpose and means of the processing of personal data) to monitor the whole process. Data collected here includes data collected online, collected offline later to be digitized in an automated manner. It does not include data collected offline, for personal or domestic purposes, or data that has already been on record for at least 100 years.

Other Highlights of the bill:

Another important point mentioned in this act is that in case of a data breach, it will be obligatory for the organization/data fiduciary to inform authorities and every affected individual about the breach. Focusing on data retention done by social media platforms, it has been made obligatory under this bill to remove any personal data belonging to an individual if they no longer use such platform within a reasonable duration of time. Personal data sharing among various organizations (third-party sharing) would also be restricted by the contract and consent of the individual.

This bill makes it obligatory for any Data Fiduciary to take consent of an individual before processing and storing data, through a prior notice listing the data that will be collected and the need for collecting it along with contact details of the Data Protection Officer. For data that already has been collected before the commencement of this bill, the same process of intimation needs to be followed. In case an individual at some point of time wants to withdraw their consent to the processing of personal data, the organization/data fiduciary must, within a reasonable time, cease the processing. This can be understood by an example of unsubscribing to a mailing list or SMS notifications.

To curb the major issue of online crime against children (everyone individual underage of 18), the government has sought to make it obligatory for organizations to collect “Parental Consent” before processing any personal data.

Critical Review:

The bill presents good efforts by the government in order to streamline the process of accumulating personal data with a central authority on the top. However, it comes with certain exemptions that are not clearly defined. Under Clause 18(1c), the bill suggests that data processing is exempt from the other clause if it is in the interest of national security, that is, for prevention and detection of any offence under the law. In addition, under Clause 18(2), it clearly states that the central government is exempted from the provisions of the bill in the interest of sovereignty, integrity, security and maintenance of public order, and for statistical purposes.

The need for a clearer view of the exemption of the central government is necessary as the current statements may be interpreted in a vague manner without any accountability on the government’s end.

Conclusion:

The overall outlook of this bill intends to portray the accountability of organizations while processing any personal data and the need for securing personal data in the current geopolitical scenario with China. Accounting to 47% of the total population in India using the internet for various purposes including online transactions, E-commerce, social media, etc., and increased cyber-crimes in terms of data breaches and national security, it is necessary to strictly monitor organizations and hold them accountable for any shortcomings.

For a detailed view of the bill, refer to MEITY website.

Subscribe to our Newsletter
Subscription Form

Research Powered Cybersecurity Services and Training. Eliminate security threats through our innovative and extensive security assessments.

Subscribe to our newsletter

Subscription Form

Services

Products

Conference

Resources

About

Iot Security Testing
Red Team Assessment
Product Security
AI/ML Security Audit
Web Security Testing
Mobile Security Testing
DevSecOps Consulting
Code Review
Cloud Security
Critical Infrastructure
SOC Service
ExPLIoT
CloudFuzz
Nullcon
Hardwear.io
Blog
E-Book
Advisory
Media
Case Studies
MasterClass Series
BugBazaar
Securecode.wiki
About Us
Career
News
Contact Us
Payatu Bandits
WhatsApp Community
Hardware-Lab
Disclosure Policy
Corporate Partners
Youtube Linkedin Facebook Twitter Instagram Whatsapp
DOWNLOAD THE DATASHEET

Fill in your details and get your copy of the datasheet in few seconds

CTI Report
DOWNLOAD THE EBOOK

Fill in your details and get your copy of the ebook in your inbox

Ebook Download
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download ICS Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Cloud Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download IoT Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Code Review Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Red Team Assessment Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download AI/ML Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download DevSecOps Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Product Security Assessment Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Mobile Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Web App Sample Report

Let’s make cyberspace secure together!

Requirements

Connect Now Form

What our clients are saying!

Trade Ledger takes privacy and security of it’s customers and system very seriously. We needed an independent audit to check our systems, and wanted to partner with a team that understands the compliance environment of banks.
MARTIN MECCAN
MARTIN MECCANCEO - TradeLedger Australia

Trusted by