Personal Data Protection Bill, 2018 (Download PDF)


Download PDF of This Page (Size: 630.50 K)

Justice BN Srikrishna Committee submitted its report on data protection law to Union Minister for Electronics & IT, law & justice. Bill will apply to processing of personal data w/i India, including State.

Image of Privacy law in the making

Image of Privacy Law in the Making

Image of Privacy law in the making

Provisions of Draft Bill

  • Draft Personal Data Protection Bill, 2018 proposes that critical personal data of Indian citizens shall be processed in centers located w/i country.

  • Personal data will be processed on basis of consent of data principal, so processing of sensitive personal data will be on basis of “explicit consent. ”

  • Draft law leaves it to Central Govt. to notify categories of personal data that will be considered as critical.

  • Some of personal data can be transferred outside territory of India w/some riders. At least one copy of data will need to be stored in India.

  • For data processors outside India, law will apply to those carrying on business in India or other activities like data profiling which could cause privacy harms to data principals in India.

  • It recommends for setting up of Data Protection Authority (DPA) to prevent misuse of personal information & provides for setting up Appellate Tribunal.

  • Data principal will have right to restrict or prevent continuing disclosure of personal data-by-data processor.

  • Sensitive personal data will include passwords, financial data, health data, official identifier, sex life, sexual orientation, biometric & genetic data, & data that reveal transgender status, intersex status, caste, tribe, & religious beliefs of individual.

  • It provides for penalties for data processor as well as compensation to data principal to be imposed for violations of data protection law.

  • It suggests penalty of Rs. 15 cr. or 4 % of total worldwide turnover of any data collection entity for violating provisions.

  • Failure to take prompt action on data security breach can attract up to Rs. 5 cr. or 2 % of turnover as penalty.

  • Law will not have retrospective application & will come into force in structured & phased manner.

Stringent Norms for Data Protection of Children

  • It suggests stringent norms for protecting data of children, recommending that companies be barred from certain types of data processing such as behavioural monitoring, tracking & any other type of processing which is not in best interest of child.

  • Data Protection Authority will have power to designate websites or online services that process large volumes of personal data of children as “guardian data fiduciaries”.

  • Placing onus of properly processing data of child on company is preferable to existing regulatory approach, which is based solely on system of parental consent.

  • Draft law will go thru process of inter-ministerial discussions & Cabinet & parliamentary approval.

  • Once it becomes Act, it will become model framework for protection of personal data for world.

- Published/Last Modified on: December 25, 2018

Policy/Governance, Bills, Computers & ICT

Monthy-updated, fully-solved, large current affairs-2019 question bank(more than 2000 problems): Quickly cover most-important current-affairs questions with pointwise explanations especially designed for IAS, NTA-NET, Bank-PO and other competetive exams.