/wion/media/agency_attachments/2024/12/26/2024-12-26t112006978z-wion-white-logo-for-website-2-1.png){kind=logo}
/wion/media/agency_attachments/2024/12/13/2024-12-13t071548098z-wionlogo.webp)
/wion/media/member_avatars/sites/default/files/styles/medium/public/2020/10/30/167427-manas.jpg)
/wion/media/member_avatars/sites/default/files/styles/medium/public/2020/10/30/167427-manas.jpg)
/wion/media/post_attachments/files/2018/09/12/36283-untitled%252520design%252520%252885%2529-20171220070339.jpg)
New Delhi
India's Information Technology ministry on Friday (November 18) proposed a new draft of country's digital personal data protection bill. The provisions in the bill allow cross-border transfer of some users' data with "certain notified countries and territories". This is being considered a relief to Big Tech. Some social media giants have been at odds with Indian government in recent years over the issue of personal data.
The government in August withdrew the contentious Personal Data Protection (PDP) Bill that saw 81 amendments in the past three years, aiming to introduce a new, sharper bill that fits into the comprehensive legal framework and protects the data of billions of citizens.
"The Central government may, after an assessment of such factors as it may consider necessary, notify such countries or territories outside India to which a Data Fiduciary may transfer personal data, in accordance with such terms and conditions as may be specified," the new draft bill read.
The new bill has also has provision of harsh penalties of up to USD 30 million if companies fail to prevent data breaches.
"Failure of Data Processor or Data Fiduciary to take reasonable security safeguards to prevent personal data breach under sub-section (4) of section 9 of this Act" will cost a maximum penalty of USD 30 million.
"Personal data breach" means any unauthorised processing of personal data or accidental disclosure, acquisition, sharing, use, alteration, destruction of or loss of access to personal data, that compromises the confidentiality, integrity or availability of personal data," the draft bill said.
The bill has now been made public for consultation. The ministry will hear views and suggestions from the public until December 17.
"The purpose of this Act is to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process personal data for lawful purposes, and for matters connected therewith or incidental thereto," said the draft.
On the matter of data storage, the draft bill says that "the storage should be limited to such duration as is necessary for the stated purpose for which personal data was collected".
Similar to Europe`s GDPR, the proposed Indian bill will apply to companies operating in the country and to any entities processing the data of Indian citizens.
Rupinder Malik, Partner at law firm JSA, said that the draft bill has simplified the proposed data protection regime and done away with some contentious clauses which caused industry pushback in earlier versions.
"Particularly, data mirroring, data localisation requirements, and overall compliances appear to be limited compared to the previous Bill. The legislative intent appears to be tech and IT business friendly, focused on facilitating cross-border data flows," said Malik.
(With inputs from agencies)
You can now write for wionews.com and be a part of the community. Share your stories and opinions with us here.
WATCH WION LIVE HERE