“The time for the Joint Committee on the Personal Data Security Bill has been expanded to the second week of the Winter Session. The final bill is scheduled to be tabled in Parliament at the Budget Session after the Committee’s recommendations have been incorporating,” the source said.
New Delhi: The Personal data protection Bill, which seeks to limit the use of personal data without the explicit consent of people is likely to be tabled at Parliament’s next year’s budget meeting, according to the source. The bill, approved by the Cabinet in December 2019, imposes a penalty of up to Rs 15 crore and up to three years in jail for business executives for violating privacy.
“The time for the Joint Committee on the Personal Data Security Bill has been expanded to the second week of the Winter Session. The final bill is scheduled to be tabled in Parliament at the Budget Session after the Committee’s recommendations have been incorporated,” the source said.
The bill was introduced in Lok Sabha in February and was referred to the Joint Parliamentary Committee of the two Houses, led by BJP MP Meenakshi Lekhi, for examination and reporting.
The draft approved by the Cabinets in December demands the storage of critical data of individuals by internet companies within the country, although sensitive data can only be transferred abroad with the explicit consent of the data owner.
The bill was drafted up following the decision of the Supreme Court in August 2017, which declared ‘Right to Privacy’ a fundamental right.
The need for a strong person for the security of personal data was further illustrated by the apex court in its judgement of September 2018, in which it found Aadhaar to be a constitutionally valid the scheme, but also removed some of the provisions of the Aadhaar Act.
According to the terms of the bill, all internet companies would have to store critical data of persons within the country on a required basis. They could, however, pass sensitive data overseas with the express consent of the data owner to process it only for the purposes permitted under the proposed legislation.
Sensitive data would be defined from time to time by the government. Data related to health, religious or political orientation, biometrics, genetics, sexual orientation, health, financial etc. have been identified as sensitive data.
The data business executive of a corporation will face a a jail term of up to three years if found guilty of knowingly combining anonymous data with publicly available information to ascertain the identity of an individual — called ‘re-identify de-identified data’ in technical terms under the proposed law.
Social media companies may be required to set up a the mechanism to identify users on their platform who are willing to be detected on a voluntary basis.
It’s going to be voluntary for individuals if they wish to be verified or not.
The legislation provides for the grant of the right to be forgotten to data owners, as well as the right to erase, correct and switch of data.