The Digital Personal Data Protection (DPDP) Bill is a proposed legislation in India aimed at protecting the privacy and personal data of individuals. The bill was introduced in 2022 and has yet to be passed into law.
The DPDP Bill defines “data principals” as the individuals to whom the personal data relates. This includes children, where the parents or lawful guardians of such children are considered data principals. The bill also defines “data fiduciaries” as entities that determine the purpose and means of processing personal data.
The DPDP Act applies to entities that process digital personal data within India. This includes personal data collected online as well as data that is collected offline and subsequently digitized. However, the bill excludes data that is collected offline and stored offline.
The DPDP Bill is based on seven principles aimed at protecting personal data.
These principles include
lawful use,
transparency and accountability,
purpose limitation,
data minimization,
storage limitation,
data security,
individual rights.
These principles ensure that personal data is processed in a lawful, fair, and transparent manner, and that individuals have control over their personal data.
The DPDP Bill also grants certain rights to individuals regarding their personal data. These rights include the right to access their personal data, the right to correct their personal data, the right to be forgotten, the right to data portability, and the right to object to the processing of their personal data.
The DPDP Bill does not expressly prohibit cross-border data transfers or prescribe any specific compliance requirements for the transfer of personal data outside India. However, the Central Government of India may specify the nations or territories outside of India to which a data fiduciary may transmit personal data under the terms and conditions it deems appropriate.
In addition, the DPDP Bill excludes non-automated processing of personal data, offline personal data, personal data processed by an individual for any personal or domestic purpose, and personal data about an individual that is contained in a record that has been in existence for at least 100 years.
Overall, the DPDP Bill is an important step towards protecting the privacy and personal data of individuals in India. Once passed into law, it will provide individuals with greater control over their personal data and ensure that data fiduciaries process personal data in a lawful, fair, and transparent manner.