India’s remarkable PERSONAL DATA PROTECTION BILL

Because this is proposed by the government, passage is likely. Yet again, the developing world is pulling ahead on important policies. India also has advanced net neutrality.  

The Hindu summarizes: “The proposed Data Protection Bill 2018 essentially makes individual consent central to data sharing. The report notes that the right to privacy is a fundamental right. Unless you have given your explicit consent, your personal data cannot be shared or processed. Of course, this also means that the onus lies on you to make an informed choice.

Next, the draft bill also states that any person processing your personal data is obligated to do so in a fair and reasonable manner. In other words, your data should be processed only for the purposes it was intended for in the first place. Failing to meet these provisions can cost companies dear, with the bill laying down penalties that can go up to ₹15 crore or 4 per cent of a company’s total worldwide turnover.

This is the index of the 62 page proposed bill:

THE PERSONAL DATA PROTECTION BILL, 2018 CHAPTER I PRELIMINARY 1. Short title, extent and commencement.—…………………………………………………………………….. 1 2. Application of the Act to processing of personal data.—……………………………………………….. 1 3. Definitions.— In this Act, unless the context otherwise requires, —……………………………….. 2 CHAPTER II DATA PROTECTION OBLIGATIONS 4. Fair and reasonable processing.— ………………………………………………………………………………. 6 5. Purpose limitation.— ………………………………………………………………………………………………… 6 6. Collection limitation. —. …………………………………………………………………………………………… 7 7. Lawful processing.—………………………………………………………………………………………………… 7 8. Notice.—…………………………………………………………………………………………………………………. 7 9. Data quality.—…………………………………………………………………………………………………………. 8 10. Data storage limitation.— ………………………………………………………………………………………… 8 11. Accountability.—……………………………………………………………………………………………………. 9 CHAPTER III GROUNDS FOR PROCESSING OF PERSONAL DATA 12. Processing of personal data on the basis of consent.—…………………………………………………. 9 13. Processing of personal data for functions of the State. — …………………………………………… 10 14. Processing of personal data in compliance with law or any order of any court or tribunal. — 10 15. Processing of personal data necessary for prompt action. — ………………………………………. 10 16. Processing of personal data necessary for purposes related to employment. —……………… 10 17. Processing of data for reasonable purposes. —………………………………………………………….. 11 CHAPTER IV GROUNDS FOR PROCESSING OF SENSITIVE PERSONAL DATA 18. Processing of sensitive personal data based on explicit consent. —……………………………… 11 19. Processing of sensitive personal data for certain functions of the State. — …………………… 12 20. Processing of sensitive personal data in compliance with law or any order of any court or tribunal. — …………………………………………………………………………………………………………… 12 21. Processing of certain categories of sensitive personal data for prompt action. —…………… 12 ii 22. Further categories of sensitive personal data.— ………………………………………………………… 13 CHAPTER V PERSONAL AND SENSITIVE PERSONAL DATA OF CHILDREN 23. Processing of personal data and sensitive personal data of children. —………………………… 13 CHAPTER VI DATA PRINCIPAL RIGHTS 24. Right to confirmation and access. — ……………………………………………………………………….. 14 25. Right to correction, etc.—………………………………………………………………………………………. 14 26. Right to Data Portability. — …………………………………………………………………………………… 15 27. Right to Be Forgotten. —……………………………………………………………………………………….. 16 28. General conditions for the exercise of rights in this Chapter. —………………………………….. 16 CHAPTER VII TRANSPARENCY AND ACCOUNTABILITY MEASURES 29. Privacy by Design. — ……………………………………………………………………………………………. 17 30. Transparency. —…………………………………………………………………………………………………… 18 31. Security Safeguards.—…………………………………………………………………………………………… 18 32. Personal Data Breach.— ………………………………………………………………………………………… 18 33. Data Protection Impact Assessment. —……………………………………………………………………. 19 34. Record-Keeping. — ………………………………………………………………………………………………. 20 35. Data Audits. —……………………………………………………………………………………………………… 20 36. Data Protection Officer. — …………………………………………………………………………………….. 21 37. Processing by entities other than data fiduciaries. — …………………………………………………. 22 38. Classification of data fiduciaries as significant data fiduciaries. — ……………………………… 22 39. Grievance Redressal. —…………………………………………………………………………………………. 23 CHAPTER VIII TRANSFER OF PERSONAL DATA OUTSIDE INDIA 40. Restrictions on Cross-Border Transfer of Personal Data. —……………………………………….. 23 41. Conditions for Cross-Border Transfer of Personal Data. —………………………………………… 24 CHAPTER IX EXEMPTIONS 42. Security of the State.— ………………………………………………………………………………………….. 25 43. Prevention, detection, investigation and prosecution of contraventions of law.—………….. 25 iii 44. Processing for the purpose of legal proceedings.—……………………………………………………. 26 45. Research, archiving or statistical purposes. — ………………………………………………………….. 27 46. Personal or domestic purposes. —…………………………………………………………………………… 27 47. Journalistic purposes.— …………………………………………………………………………………………. 28 48. Manual processing by small entities.— ……………………………………………………………………. 28 CHAPTER X DATA PROTECTION AUTHORITY OF INDIA 49. Establishment and incorporation of Authority.—………………………………………………………. 29 50. Composition and qualifications for appointment of members.—…………………………………. 29 51. Terms and conditions of appointment.—………………………………………………………………….. 30 52. Removal of members.— ………………………………………………………………………………………… 30 53. Powers of the chairperson.— ………………………………………………………………………………….. 31 54. Meetings of the Authority.— ………………………………………………………………………………….. 31 55. Vacancies, etc. not to invalidate proceedings of the Authority.—………………………………… 31 56. Officers and Employees of the Authority.— …………………………………………………………….. 31 57. Grants by Central Government.— …………………………………………………………………………… 32 58. Accounts and Audit —…………………………………………………………………………………………… 32 59. Furnishing of returns, etc. to Central Government.—…………………………………………………. 32 60. Powers and Functions of the Authority.—………………………………………………………………… 33 61. Codes of Practice.—………………………………………………………………………………………………. 35 62. Power of Authority to issue directions.—…………………………………………………………………. 36 63. Power of Authority to call for information.— …………………………………………………………… 37 64. Power of Authority to conduct inquiry. — ……………………………………………………………….. 37 65. Action to be taken by Authority pursuant to an inquiry.—………………………………………….. 38 66. Search and Seizure.— ……………………………………………………………………………………………. 39 67. Coordination between the Authority and other regulators or authorities.—…………………… 40 68. Appointment of Adjudicating Officer.—………………………………………………………………….. 41 CHAPTER XI PENALTIES AND REMEDIES 69. Penalties.— ………………………………………………………………………………………………………….. 41 70. Penalty for failure to comply with data principal requests under Chapter VI.—…………….. 42 71. Penalty for failure to furnish report, returns, information, etc.—…………………………………. 42 iv 72. Penalty for failure to comply with direction or order issued by the Authority.—…………… 43 73. Penalty for contravention where no separate penalty has been provided.— ………………….. 43 74. Adjudication by Adjudicating Officer.—………………………………………………………………….. 43 75. Compensation.—…………………………………………………………………………………………………… 44 76. Compensation or penalties not to interfere with other punishment.— ………………………….. 45 77. Data Protection Funds.—……………………………………………………………………………………….. 45 78. Recovery of Amounts.—………………………………………………………………………………………… 46 CHAPTER XII APPELLATE TRIBUNAL 79. Establishment of Appellate Tribunal.—……………………………………………………………………. 47 80. Qualifications, appointment, term, conditions of service of members.—………………………. 48 81. Vacancies.— ………………………………………………………………………………………………………… 48 82. Staff of Appellate Tribunal.— ………………………………………………………………………………… 48 83. Distribution of business amongst benches.— ……………………………………………………………. 48 84. Appeals to Appellate Tribunal.— ……………………………………………………………………………. 49 85. Procedure and powers of Appellate Tribunal.—………………………………………………………… 49 86. Orders passed by Appellate Tribunal to be executable as a decree.— ………………………….. 50 87. Appeal to Supreme Court of India.— ………………………………………………………………………. 50 88. Right to legal representation.— ………………………………………………………………………………. 50 89. Civil court not to have jurisdiction.—………………………………………………………………………. 51 CHAPTER XIII OFFENCES 90. Obtaining, transferring or selling of personal data contrary to the Act.—……………………… 51 91. Obtaining, transferring or selling of sensitive personal data contrary to the Act.—………… 51 92. Re-identification and processing of de-identified personal data. —……………………………… 52 93. Offences to be cognizable and non-bailable.— …………………………………………………………. 52 94. Power to investigate offences.—……………………………………………………………………………… 52 95. Offences by companies.— ……………………………………………………………………………………… 52 96. Offences by Central or State Government departments. —…………………………………………. 53 CHAPTER XIV TRANSITIONAL PROVISIONS 97. Transitional provisions and commencement. —………………………………………………………… 54 v CHAPTER XV MISCELLANEOUS 98. Power of Central Government to issue directions in certain circumstances. —……………… 55 99. Members, etc., to be public servants. —…………………………………………………………………… 55 100. Protection of action taken in good faith. — …………………………………………………………….. 55 101. Exemption from tax on income. —………………………………………………………………………… 55 102. Delegation. — …………………………………………………………………………………………………….. 55 103. Power to remove difficulties. — ……………………………………………………………………………. 56 104. Power to exempt certain data processors.— ……………………………………………………………. 56 105. No application to non-personal data……………………………………………………………………….. 56 106. Bar on processing certain forms of biometric data……………………………………………………. 56 107. Power to make rules. — ……………………………………………………………………………………….. 56 108. Power to make regulations. — ………………………………………………………………………………. 58 109. Rules and Regulations to be laid before Parliament.—……………………………………………… 59 110. Overriding effect of this Act. — ……………………………………………………………………………. 60 111. Amendment of Act 21 of 2000. —…………………………………………………………………………. 60 112. Amendment of Act 22 of 2005. —…………………………………………………………………………. 60 THE FIRST SCHEDULE ……………………………………………………………………………………………………. 61 THE SECOND SCHEDULE…………………………………………………………………………………………………. 62

Leave a Reply

Your email address will not be published.

Scroll to top