The draft data protection bill will create a framework for all stakeholders in the digital economy to be more responsible while dealing with customer's personal data, the industry said today.
The proposed Personal Data Protection Bill, along with a report on protection of privacy, was submitted to the government on Friday.
The report, titled “A Free and Fair Digital Economy: Protecting Privacy, Empowering Indians”, has been much-awaited for its implications on data handling and processing practices by government departments and companies, both Indian and foreign.
The report has suggested steps for protecting personal information, outlined the role of data processors, provided guidelines for data storage, and penalties for infringing on privacy.
The Bill has proposed stringent penalties in case of any violation or misuse of personal data by public or private entities.
The draft personal data protection Bill has mandated that explicit consent must be taken for processing sensitive personal data like biometrics, sexual orientation, and religious or political belief.
Failure to take prompt action on a data security breach can attract up to Rs 5 crore or 2 per cent of turnover, whichever is higher, as penalty.
The draft has also asked the Centre to identify "critical personal data" that would have to be mandatorily processed within Indian borders, a move that is likely to have implications for technology firms, especially those in areas like finance and healthcare.
According to the Bill, processing of personal data should be done only for the purpose it was collected or for compliance of any law, employment and for any function of Parliament or any state legislature.
‘Sensitive personal data’ comprises passwords, financial data, health data, sex life, sexual orientation, biometric data, genetic data, caste or tribe and religious or political belief or affiliation.