Context :
Digital
Personal Data Protection Bill tabled in Lok Sabha .. 03
Aug 2023 / Business Line
Extract :
The
much-awaited Digital Personal Data Protection Bill (DPDP) was tabled in the Lok
Sabha on Thursday prescribing how personal data can be collected, processed,
safeguarded and prescribing penalties up to ₹250 crore in case of breaches. The
bill contains wide-ranging exemptions to the government and has provisions for
setting up of a regulator — the Data
Protection Board — which will be appointed by the government.
The government clarified that the bill was not being presented as
a “money bill”.
What the bill offers
Digital platforms will need to take unconditional, free, specific and informed consent from users for
processing their data.
The “ data principal ” ( USER ? ), shall have the right to
access information about personal data for which consent has been
previously given.
At any
point, the data principal shall have
the right to :
# Correction,
# Completion,
# Updating and,
# Erasure
- of her
personal data for the processing of which she has previously given consent.”
- This
means that users have the right to withdraw
consent at any point after which the platforms must stop processing their data and
erase it.
For erasure of data, “the data
principal shall make a
request in such manner as may
be prescribed to the
data fiduciary for erasure
of her personal data and upon
receipt of such a request the data fiduciary shall erase her personal data
unless retention of the same is necessary for the specific purpose or for
compliance with any law…”.
Chapter V of the Bill envisages setting up of the Data Protection Board
of India.
My Take :
Dear Shri
Ashwini Vaishnawji ,
Congratulations on
introducing DPDP bill in Lok Sabha
The bill proposes to place in the hands of a DATA OWNER ( data principal ), a lot
of CONTROLS to
ensure that :
# the Data Fiduciary does not collect any data without SPECIFIC and INFORMED
consent of a Data Owner
# Data owner can grant - revoke consent / correct , complete, Update , Erase her
data at any time
The Bill envisages a Data Owner to “ make a request “ to Data Fiduciary “ as may
be prescribed “
I request you to “ PRESCRIBE “ to Data Fiduciary, following Dashboard , which
can be ACCESSED by any
DASHBOARD “ ), which must be displayed PROMINENTLY on its website
Clicking on any “ Nature of Data “ ( link ) , will open up a FORM in which Data
Owner would need to submit the
To ensure that the Data Fiduciary collects only the data which it requires to deliver
“ SPECIFIC
SERVICE “ ,
# Mandate use of only that FORM ( for each “ nature “ ) which the BOARD has
designed ( data fields )
At the bottom of
each FORM , there will be clear write-up , which spells out :
Ø
How
the collected data will be processed
Ø
How
the collected data will be “ Used “ by Data Fiduciary ( eg : for targeted advt
/ selling )
Ø
In
return for granting use of her data , what “ service “ will she get
This write-up will need to be APPROVED in advance by Data Protection Board . No
subsequent changes
can be
Board
With regards,
Hemen Parekh
www.hemenparekh.ai /
04 Aug 2023
Related Readings :
Ø Only
Answer : a Statutory Warning ………………………………………. 10 Nov 2018
Ø Erasing
Personal Data ? ………………………………………………………….. 21
Apr 2023
Ø SARAL ( Single Authentic Registration
for Anywhere Login )…. 10 Feb 2019
Ø Digital Dividend from Demographic Data [
4 D ]………… ……………. 14 Feb 2019
No comments:
Post a Comment