Almost six years after the Supreme Court ruled that privacy is a Constitutional right, the Digital Personal Data Protection Bill, 2023 was recently tabled in the Lok Sabha. There have been at least three different versions of the bill proposed in the past, with the most recent one being withdrawn from Parliament a year ago.
Exposures and penalties
Companies that collect personal information from their customers are required to provide more transparency about how the information will be used, inform customers of the identity and contact details of the company’s designated Data Protection Officer, and allow customers to request deletion or modification of their data. The duties set by the General Data Protection Regulation of the European Union and other comparable data protection regulations throughout the globe are similar to these.
Companies that do not adequately secure user data or fail to comply with disclosure requirements would be subject to penalties ranging from 50 crore to 250 crore, as proposed in the Bill.
The bill repeals Section 43A of the Information Technology Act of 2000, which mandates financial penalties for businesses that improperly handle customer information. According to official sources, this is because “compensation is a judicial process” and ex gratia payments are left up to the discretion of individual governments, while compensation may only be given under civil tort law.
Exceptions granted by the government
Exemptions for the “State and its instrumentalities” are broadly drafted throughout the Bill. To “fulfil any obligation under law,” for instance, processing of personal data is permissible “in the interest of the sovereignty and integrity of India or the security of the State.”
In the instance of authorized interception of data, companies are expressly excluded from the disclosure requirement that they inform users of the identification of other companies to whom their data would be transferred for processing.
Joint committee meeting
The Parliamentary Standing Committee on Communications and Information Technology adopted a previous version of the Bill. This week, opposition committee members accused the administration of deception, noting that the government had withdrawn this Bill and that the committee had not seen the new one. In a statement, committee head Prataprao Jadhav reaffirmed that the committee’s purview will end with the 2022 draught.
It refers to the safeguarding of digital information and communication technology by the government, private institutions, and people. Cybersecurity refers to the practice of protecting information systems, data, and online activities against intrusions including hacking, data breaches, identity theft, and cyberattacks. A quick summary of India’s digital security measures:
To further ensure the safety of digital assets, the government of India has devised a cybersecurity framework. The Indian Computer Emergency Response Team (CERT-In), for example, was established as a central entity for reacting to cybersecurity crises, and the country also has a National Cyber Security Policy (2013).
India is currently working on comprehensive data protection regulations to govern the gathering, storing, processing, and transmission of private information. The Personal Data Protection Bill, 2019, is a major reform in protecting people’s right to secrecy and security of their personal information.
Objective of the digital India programme
The goal of the Digital India program is to make India a leader in the information technology sector and create a thriving knowledge economy. It highlights the significance of cyber security and promotes the use of industry-wide cybersecurity best practises.
Safer online interactions are being prioritised via the development and promotion of various secure communication methods and technology. Encryption is used to safeguard confidential data and conversations.
Efforts are being undertaken to educate the public about cybersecurity risks and recommended practices. People and institutions are educated about the need of digital security via campaigns, seminars, and training programmes.
To further develop cybersecurity measures, the government works with commercial sector firms, academic institutions, and international organisations. In order to effectively combat new cyber dangers, it is crucial that the public and commercial sectors work together to share threat information.
Industries including energy, banking, transportation, and healthcare are provided additional protection from cyber attacks. To avoid interruptions and protect the reliability of critical services, stringent cybersecurity measures have been put in place.
Cybercrime and hacking are illegal in India, according to the country’s legal framework and cybercrime regulations. Cybercrimes and its attendant problems are addressed by the legal framework established by the Information Technology Act of 2000 and its following revisions.
In conclusion, to protect digital assets, data, and online activities from cyber attacks, India has adopted a holistic approach to cybersecurity that includes policy frameworks, regulatory measures, public awareness initiatives, and technical breakthroughs.