
Data Protection Bill Draft Released

Long-Awaited Proposal Covers Data Storage, Privacy Issues and More
Justice B.N. Srikrishna

The Ministry of Electronics and Information Technology late Friday released the long-awaited Data Protection Bill of India. The bill, which would require most data about Indians to be stored domestically, was drafted by a 10-member committee of experts headed by Justice B.N. Srikrishna.


The committee handed the report to IT Minister Ravi Shankar Prasad, wrapping up nearly one year of deliberations that touched upon sensitive and controversial issues.

The 67-page Personal Data Protection Bill, 2018 addresses the following issues:

  • Data protection obligations;
  • Grounds for processing of personal data, including sensitive data;
  • Protecting the data of children;
  • Transparency and accountability measures;
  • Transfer of personal data outside of India;
  • Exemptions in areas where the Act will not apply;
  • Having a data protection authority of India;
  • Penalties and remedies;
  • An appellate tribunal;
  • Transitional provisions of data protection officers and authorities in charge of data protection.

The bill must be approved by Parliament and gain the president's signature to become a law.

"It is a monumental law and we would like to have widest parliamentary consultation," Prasad said. "We want the Indian data protection law to become a model globally, blending security, privacy, safety and innovation."

Justice Srikrishna says privacy has become a hot issue, and every effort has to be made to protect data at any cost.

Data Storage

The bill proposes that India require that critical data be domestically stored in most cases, with data mirrored in certain circumstances (see: Will RBI's Local Data Storage Mandate Be Relaxed?).

The proposed legislation would place the following restrictions on cross-border transfer of personal data:

  • Every data fiduciary must ensure the storage, on a server or data center located in India, of at least one serving copy of personal data to which this Act applies;
  • The central government must designate categories of personal data as critical personal data that will only be processed in a server or data center located in India;
  • The central government will designate certain categories of personal data as exempt from the requirement of domestic storage on the grounds of necessity or strategic interests.

The bill also would require that technology used in the processing of personal data comply with commercially accepted or certified standards. It also would require that the processing of personal data be carried out in a transparent manner.

Security Safeguards

Under the bill, all organizations would be required to use security measures, including de-identification and encryption, to ensure privacy is maintained. The proposed legislation also would require organizations to ensure proper steps are taken to prevent misuse, unauthorized access and disclosure and destruction of personal data.

"Every data fiduciary and data processor shall undertake a review of its security safeguards periodically as may be specified and may take appropriate measures accordingly," the bill says.

Another provision of the bill would require organizations that collect genetic data or biometric data to undertake a data protection impact assessment.


About the Author

Suparna Goswami


Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed to Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.



