Info-tech

Draft data protection Bill may be tabled in Parliament during Winter Session

PTI New Delhi | Updated on September 17, 2018 Published on September 17, 2018

The Bill suggests steps for safeguarding personal information, defining obligations of data processors as also rights of individuals, and proposed penalties for violation   -  Getty Images

The Centre is hopeful of introducing the draft Personal Data Protection Bill 2018 in the ensuing winter session of Parliament, a senior IT Ministry official said Monday.

The Bill was drafted by a high-level panel headed by Justice BN Srikrishna and following the submission of the draft Bill and data protection report in July-end, the IT Ministry had sought public feedback on the provisions by September 30.

The draft Bill moots seeking “explicit consent” for processing ‘sensitive personal information’ such as religious or political beliefs, sexual orientation and biometric details.

The senior official, who did not wish to be named, told reporters that the Ministry is hopeful that the legislation will be introduced in the winter session of Parliament (November-December), after taking into account suggestions and feedback received. The recommendations suggest steps for safeguarding personal information, defining obligations of data processors as also rights of individuals, and proposed penalties for violation.

The areas covered by the recommendations include consent, what comprises personal data including sensitive personal data, exemptions which can be granted, grounds for processing data, storage restrictions for personal data, individual rights and right to be forgotten.

Guarding privacy

The draft of the Personal Data Protection Bill, 2018 restricts and imposes conditions on the cross-border transfer of personal data, and suggests setting up of Data Protection Authority of India to prevent any misuse of personal information.

It provides for a penalty of ₹15 crore or 4 per cent of the total worldwide turnover of any data collection entity, including the State, for violation of personal data processing provisions.

Failure to take prompt action on a data security breach can attract a penalty of up to ₹5 crore or 2 per cent of turnover, whichever is higher.

Published on September 17, 2018
This article is closed for comments.
Please Email the Editor