News: The Union Cabinet on Wednesday approved the introduction of the Personal Data Protection Bill, 2018 in the Parliament.
Facts:
Background:
- The bill has been prepared by a high-level expert committee headed by former Supreme Court judge B.N. Srikrishna. The Committee was constituted in 2017.
Key Features of the Bill:
Definition of Personal Data: The bill defines ‘personal data’ as any information which renders an individual identifiable.
Sensitive Personal Data:
- It classifies ‘sensitive personal data’ as those including passwords, financial data, health data, sex life, sexual orientation, biometric data, genetic data, transgender status, intersex status, caste or tribe, and religious or political belief or affiliation.
- The bill states such sensitive personal data can be processed only with the explicit consent of the person. This consent needs to be informed, clear, and specific.
Data Processing:
- Personal Data can be processed by both government and private entities incorporated in India, and entities incorporated overseas if they systematically deal with data principles within the territory of India.
- Data processing is allowed if consent is provided by the individual. This condition also has some exceptions.
Rights of Data Principal (whose data is being processed):
- The right to obtain a summary of their personal data held with the data fiduciary (one who processes the data),
- Right to be forgotten: the right to restrict or prevent continuing disclosure of personal data.
Exemptions: Data principal will have not the rights defined under the bill if their data is processed for
- National security
- Prevention, detection, investigation and prosecution of contraventions to a law
- Legal proceedings,
- Personal or domestic purposes, and
- Journalistic purposes.
Data Protection Authority: The Bill provides for the establishment of a Data Protection Authority (DPA) to supervise and regulate data fiduciaries.