The Union cabinet has cleared the personal data protection bill which clears its way to be tabled in the Parliament during the upcoming Monsoon session, CNBC Awaaz reported quoting sources.
This is the version of the bill that was published by the government in November last year for public consultation.
By just focusing personal data, the new bill has done away with regulating the use of non-personal data. It has also removed the need to locally store all user data by businesses, and instead allowed the leeway of storing such data in ‘trusted geographies’.
The draft bill requires a data fiduciary — i.e. an entity which processes user data — to give an itemised notice to user on data sought to be collected, in clear and plain language. It also mandates that the user should be allowed the right to give, manage, withdraw consent from sharing his/her information.
For example, when a person closes their savings bank account, the bank has to delete his/her data pertaining to the account. Similarly, if a user deletes their social media account on a particular platform, their data has to be deleted as the bill mandates that a data fiduciary must retain personal data only so long as it is required for the purpose for which it was collected.
The bill states that a data fiduciary shall not undertake tracking or behavioural monitoring of children or targeted advertising directed at children. Before processing any personal data of a child, the fiduciary has to obtain verifiable parental consent. Moreover, non-fulfilment of these obligations relating to children can lead to penalties of up to Rs 200 crore.
A few months back, Minister for Electronics and Information Technology Ashwini Vaishnaw courted controversy after, in an event, he claimed that the Parliamentary Standing Committee on IT had “approved” the bill. Soon after, members of the committee such as Karti Chidambaram, John Brittas and others refuted these claims.