Context :
Digital Personal Data Protection Bill tabled in Lok Sabha .. 03 Aug 2023 / Business Line
Extract :
The much-awaited Digital Personal Data Protection Bill (DPDP) was tabled in the Lok Sabha on Thursday prescribing how personal data can be collected, processed, safeguarded and prescribing penalties up to ₹250 crore in case of breaches. The bill contains wide-ranging exemptions to the government and has provisions for setting up of a regulator — the Data Protection Board — which will be appointed by the government.
The government clarified that the bill was not being presented as a “money bill”.
What the bill offers
Digital platforms will need to take unconditional, free, specific and informed consent from users for processing their data.
The “ data principal ” ( USER ? ), shall have the right to access information about personal data for which consent has been previously given.
At any point, the data principal shall have the right to :
# Correction,
# Completion,
# Updating and,
# Erasure
of her personal data for the processing of which she has previously given consent.”
This means that users have the right to withdraw consent at any point after which the platforms must stop processing their data and erase it.
For erasure of data, “the data principal shall make a request in such manner as may be prescribed to the data fiduciary for erasure of her personal data and upon receipt of such a request the data fiduciary shall erase her personal data unless retention of the same is necessary for the specific purpose or for compliance with any law…”.
Chapter V of the Bill envisages setting up of the Data Protection Board of India.
My Take :
Dear Shri Ashwini Vaishnawji ,
Congratulations on introducing DPDP bill in Lok Sabha
The bill proposes to place in the hands of a DATA OWNER ( data principal ), a lot of CONTROLS to ensure that :
# the Data Fiduciary does not collect any data without SPECIFIC and INFORMED consent of a Data Owner
# Data owner can grant - revoke consent / correct , complete, Update , Erase her data at any time
The Bill envisages a Data Owner to “ make a request “ to Data Fiduciary “ as may be prescribed “
I request you to “ PRESCRIBE “ to Data Fiduciary, following Dashboard , which can be ACCESSED by any
Data Owner by clicking a link ( called “ USER DASHBOARD “ ), which must be displayed PROMINENTLY on its
website
Clicking on any “ Nature of Data “ ( link ) , will open up a FORM in which Data Owner would need to submit the
Data
To ensure that the Data Fiduciary collects only the data which it requires to deliver “ SPECIFIC SERVICE “ ,
DATA PROTECTION BOARD must :
# Mandate use of only that FORM ( for each “ nature “ ) which the BOARD has designed ( data fields )
At the bottom of each FORM , there will be clear write-up , which spells out :
Ø How the collected data will be processed
Ø
Ø How the collected data will be “ Used “ by Data Fiduciary ( eg : for targeted advt / selling )
Ø
Ø In return for granting use of her data , what “ service “ will she get
Ø
This write-up will need to be APPROVED in advance by Data Protection Board . No subsequent changes can be
made in this write-up without prior permission of the Board
With regards,
Hemen Parekh
www.hemenparekh.ai / 04 Aug 2023
Related Readings :
Only Answer : a Statutory Warning ………………………………………. 10 Nov 2018
Erasing Personal Data ? ………………………………………………………….. 21 Apr 2023
SARAL ( Single Authentic
Digital Dividend from Demographic Data [ 4 D ]………… ……………. 14 Feb 2019
No comments:
Post a Comment