The latest draft of India’s data protection law – the Digital Personal Data Protection Bill, 2022 (DPDP Bill, 2022) was released on November 18th. It is the fourth iteration of the bill in an ongoing effort to develop a “comprehensive” legal framework that is aligned with contemporary privacy laws, emerging data protection standards and constantly evolving nuances of the digital ecosystem. Since its first release in 2018, the draft, has undergone extensive changes and revisions, to make it adequate, comprehensive and future proof particularly in the context of the right to informational privacy being upheld as a ‘fundamental right’ by the Supreme Court in 2017. The current draft retains some of the clauses from previous versions but makes a significant departure on many counts. This blog looks at the core principles and the salient features of the latest draft.
The DPDP Bill, 2022 is formulated keeping in mind the seven core principles namely lawful, fair and transparent processing; purpose limitation; data minimization; accuracy of personal data; storage limitation; integrity and confidentiality; and accountability. The reworked version incorporates hefty penalties for non-compliance, relaxes rules on cross-border data flows and recognizes the right to post-mortem privacy, among others. The key highlights of the legislation are presented below.
To conclude, the bill in its current version is an attempt by the Government to formulate a simplified, yet a comprehensible law on data protection as opposed to the earlier Personal Data Protection Bill (2019) which was criticised by businesses and start-ups for being compliance-intensive. While the current draft appears to have weighed in on the concerns around localisation, a consent-heavy architecture, and enhanced compliance obligations among others, certain provisions such as those offering exemptions to the state’s processing of personal data coupled with lack of clarity in operational details and lower safeguards for data principals are among the key concerns flagged by experts. The government believes that in its current form, the proposed law leaves sufficient window for adaptation as the digital ecosystems evolve, but the true efficacy and impact of DPDB Bill, 2022 will have to be time-tested.
To get daily updates on the critical vulnerabilities being exploited by threat actors, subscribe to SISA Daily Threat Watch – our daily actionable threat advisories.
For a deeper understanding of how you can prevent these threats from affecting your organization, request a call to get in touch with our experts.
Customer Success Stories
SISA Radar – Data Discovery and Classification Tool
Fast | Accurate | Reliable
Get Daily Updates on our Latest Threat Advisories