Information and Broadcasting Minister Prakash Javadekar said the Bill will be introduced in Parliament during the current Winter Session.
Digital Personal Data Protection (DPDP) law aims to protect the privacy of Indian citizens while proposing a penalty of up to Rs 250 crore on entities for misusing or failing to protect digital data of individuals.
A new law that defines how companies should process users' data came into force with the President giving assent to the Digital Personal Data Protection (DPDP) Act passed by Parliament in the just-concluded monsoon session. The law arms individuals with greater control over their data while allowing companies to transfer users' data abroad for processing, except to nations and territories restricted by the Centre through notification. It also gives the government power to seek information from firms and issue directions to block content.
The US on Thursday raised concerns over India's Personal Data Protection (PDP) Bill and draft non-personal data governance framework, claiming these could potentially threaten innovation and economic growth. In its latest 'Special 301' Report, the US Trade Representative (USTR) kept India on the priority watch list, maintaining the country remains one of the world's most challenging major economies with respect to protection and enforcement of intellectual property (IP). In December 2021, a joint parliamentary committee released a report recommending changes to the PDP Bill, 2019, that could undermine important IP protections in India.
The data protection bill introduced in Parliament on Thursday enables the government "to call for information" from data protection board, data collecting entities or intermediary, and safeguards the Centre from legal proceedings for "action taken in good faith" under the provisions of the legislation.
The biggest fear many of the e-commerce firms have is the possible requirement to change business models overnight, which would drastically increase costs as well as disrupt businesses.
The government on Wednesday withdrew the Personal Data Protection Bill from Lok Sabha and said it will come out with a 'set of fresh legislations' that will fit into the comprehensive legal framework.
Journalists will be exempted from seeking consent of individuals before collecting and reviewing their personal data to be used in news reports.
Hours after Congress leader Manish Tewari on Thursday said the government might get the Digital Data Protection Bill classified as a money bill, Union IT Minister Ashwini Vaishnaw refuted the charge and termed it a "normal bill".
The JCP was constituted in the Lok Sabha in December 2019 and was expected to submit its report in the Budget Session.
After the first draft of the Bill was submitted under a committee chaired by Justice B N Srikrishna in 2018, there were objections raised by businesses, especially on the broad restrictions on cross-border data flow.
The proposed law seeks bars on storing and processing of personal data by entities without the explicit consent of an individual. It, however, provides for exemptions for "reasonable purposes" such as "prevention and detection of any unlawful activity including fraud, whistle-blowing, merger and acquisitions, network and information security, credit scoring, recovery of debt, processing of publicly available personal data and the operation of search engines".
'There were two options before the government -- create a complex, cumbersome law, which will cause a tremendous amount of compliance challenges for startups or say let's go back and do a clean slate, where we do a framework of laws and policies'
After withdrawing the personal data protection bill, the government is hopeful of getting a new legislation passed by the next Budget session of Parliament, Union minister Ashwini Vaishnaw has said. The government on Wednesday withdrew the Personal Data Protection Bill from the Lok Sabha. The Joint Committee on Personal Data Protection Bill, 2019, headed by BJP member P P Chaudhary, had tabled its report in Lok Sabha on December 16, 2021.
The Rajya Sabha on Wednesday passed the Digital Personal Data Protection Bill 2023 by voice vote following a walkout by opposition members over the Manipur issue.
The final report was to be submitted in March but it got an extension till the second week of the monsoon session that began September 14.
Sections in the draft Personal Data Protection Bill are a blatant violation of the Right to Privacy as guaranteed by the Constitution.
The draft rules have been issued after Parliament approved the Digital Data Protection Bill 2023 about 14 months back.
The "construct of the DPDP Act" cannot be changed at this stage, though there may be some minor tweaks in the language of the Rules and formats in certain legitimate cases.
The report touches on variety of issues including consent, rights of children, data protection authority and right to recall data.
The proposals are mostly based on a report submitted by Justice B N Srikrishna in July 2018. The draft Bill has since gone through at least two updates based on inputs received from industry, report Yuvraj Malik and Peerzada Abrar.
The government on Thursday tabled the Digital Personal Data Protection Bill 2023 in the Lok Sabha with an aim to protect the privacy of Indian citizens, while proposing a penalty of up to Rs 250 crore on entities for misusing or failing to protect digital data of individuals.
The joint committee of Parliament examining the Personal Data Protection Bill, 2019 has adopted its report on the bill with several opposition MPs, including those from the Congress, Ttrinamool Congress and Biju Janata Dal, submitting their dissent notes.
After withdrawing the personal data protection bill, the government is hopeful of getting a new legislation passed by the next Budget session of Parliament, Union Minister Ashwini Vaishnaw has said.
The new rules allow for a staggered implementation road map, giving companies, data fiduciaries, data principals, and other stakeholders up to 18 months to comply with the administrative guidelines under the DPDP Act.
Since the deadline for Justice B N Srikrishna Committee's feedback is December 31, the government is unlikely to table a data protection Bill in the winter session of Parliament.
"Critical data which has to be resided in India is an important component that needs to be clarified, as this will be arguably uncovered on an ad hoc basis as we move forward."
Representatives of Facebook India have been asked to appear on Friday before the Joint Committee on the Personal Data Protection Bill, 2019, chaired by Bharatiya Janata Party MP Meenakshi Lekhi, while Twitter officials are required to appear before the panel on October 28, as per the notice issued by the Lok Sabha Secretariat.
Significant controls and exemptions to the government under the proposed Digital Personal Data Protection bill 2022 are likely to make it harder for companies to invest in data centres and data processing activities in India, according to global technology industry body ITI. The ministry of electronics and IT has floated draft Digital Personal Data Protection (DPDP) Bill 2022 and has invited comments on the same till January 2. "The Bill grants significant controls to the executive arm of GOI (Government of India) and delegates much of the detailed rulemaking authority to separate, as yet undefined processes.
...on par with oil, power, and defence, and to restrict its storage under foreign control.
During an open house discussion with stakeholders on the draft Digital Personal Data Protection (DPDP) bill 2022, Chandrasekhar said that the right to privacy is a fundamental right while the right to information is not. "Right to privacy is a fundamental right and right to information is not.
If the Personal Data Protection Bill gets passed in its present form, a new class of companies and entities could emerge. The sole job of these new entities would be to manage the consent for data usage of a user.Banks, healthcare firms and fintech companies, among others, fear that sharing non-personal data with the government may hurt business interests. Banks also fear the threat of data misuse.
The government has raised the penalty amount to up to Rs 500 crore for violating the provisions proposed under the draft Digital Personal Data Protection Bill 2022 issued on Friday. The draft personal data protection bill in 2019 proposed a penalty of Rs 15 crore or 4 per cent of the global turnover of an entity. The draft proposes to set up a Data Protection Board of India, which will carry on functions as per the provisions of the bill.
An industry representative and an academician had expressed their reservations during the deliberations, says Srikrishna
'If Indians are to be truly protected, Parliament must review and address these dangerous provisions before they become law.'
The government will "notify such countries or territories outside India to which a data fiduciary may transfer personal data", according to the draft unveiled on Friday for public feedback.
Even as outsourcing demand from Europe revives after the debt crisis, data protection regulations in the region governing trans-border data flows could hurt the $108 billion Indian IT-ITeS industry.
Inputs from religious texts, scriptures of local dialects and inspirational word-of-mouth stories will also be included.
In a first of its kind move, the Indian Railways Catering and Tourism Corporation (IRCTC), the ticket booking arm of the Indian Railways, is looking to monetise its bank of passenger data while conducting business with private and government companies. IRCTC has a large bank of data related to every online railway ticket ever generated as it is the country's only railway ticketing platform, an IRCTC official told Business Standard. The public sector undertaking, which has sought the services of a consultant to assist with the monetisation process, plans to raise Rs 1,000 crore through this exercise.
© 2026 Rediff.com - Investor Information - Advertise with us - Disclaimer - Privacy Policy - Sitemap - Feedback - About us - Terms of use - Grievances