{"id":33132,"date":"2023-03-09T05:19:58","date_gmt":"2023-03-08T23:49:58","guid":{"rendered":"https:\/\/vajiramandravi.com\/current-affairs\/?p=33132"},"modified":"2025-04-19T19:00:53","modified_gmt":"2025-04-19T13:30:53","slug":"data-protection-bill-govt-plans-to-ease-norms-for-cross-border-flow-of-data","status":"publish","type":"post","link":"https:\/\/vajiramandravi.com\/current-affairs\/data-protection-bill-govt-plans-to-ease-norms-for-cross-border-flow-of-data\/","title":{"rendered":"Data Protection Bill: Govt plans to ease norms for cross-border flow of data"},"content":{"rendered":"<h3><strong>What\u2019s in today\u2019s article?<\/strong><\/h3>\n<ul>\n<li><strong>Why in News?<\/strong><\/li>\n<li><strong>What is the Digital Personal Data Protection Bill 2022?<\/strong><\/li>\n<li><strong>News Summary Regarding the Changes to the Bill under Consideration<\/strong><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2><strong>Why in News?<\/strong><\/h2>\n<ul>\n<li>The government is considering some changes to the draft Digital Personal Data Protection Bill 2022.<\/li>\n<li>These could include allowing global data flows by default to all jurisdictions other than a specified negative list of countries, a provision on \u201cdeemed consent\u201d, etc.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2><strong>What is the Digital Personal Data Protection Bill 2022?<\/strong><\/h2>\n<ul>\n<li><strong>Background:<\/strong>\n<ul>\n<li>The Original bill (2019) was prepared by retired SC<strong> Justice B N Srikrishna, <\/strong>to provide for protection of personal data of individuals and establish a Data Protection Authority.<\/li>\n<li>The revised draft (2022) was released after the government withdrew an earlier version that sparked outrage from Big Tech and civil society.<\/li>\n<li>The Bill is<strong> a key pillar of an overarching framework of technology regulations<\/strong> the Centre is building which also includes &#8211;\n<ul>\n<li>The Digital India Bill &#8211; the proposed successor to the IT Act 2000;<\/li>\n<li>Indian Telecommunication Bill 2022; and<\/li>\n<li>A policy for non-personal data governance.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li><strong>Salient provisions in the new draft:<\/strong><\/li>\n<\/ul>\n<p><img decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/QGTcvnNZ-ugToehNTF0fMcGnDIvsRFKFWUm75yvuBpZRwCAKK0c4jfARrrc64isWazPCCzhAS0-7hLV3ShbZpbXQDWXjt_wjEhXQrXDY-eJTVti47YnVb_ENqVHr83wALHHs27tbgmeM\" alt=\"\" \/><\/p>\n<p>Image Caption: Salient provisions of the Data Protection Bill 2022<\/p>\n<ul>\n<li>It provides for the purpose, specified grounds and limitations for collecting and processing of personal data.<\/li>\n<li><strong>A Data Protection Board<\/strong> as the adjudicating body to enforce the provisions of the Bill. Also, a Data Protection Officer and an independent data auditor to evaluate compliance with provisions of the law.<\/li>\n<li><strong>Offers significant concessions on cross-border data flows<\/strong>.\n<ul>\n<li>The Centre will notify regions, based on their data security landscape, to which data of Indians can be transferred.<\/li>\n<li>The previous Bill required businesses to keep a copy of some &#8220;sensitive personal data&#8221; within India and prohibits the export of undefined &#8220;critical&#8221; personal data from the country.<\/li>\n<li>It was one of the <strong>most serious issues raised by IT<\/strong> corporations.<\/li>\n<li>The new Bill takes a softer stance on <strong>data localisation rules<\/strong> and allows data flow to specific worldwide destinations based on predetermined evaluations.<\/li>\n<\/ul>\n<\/li>\n<li>Companies will no longer be required to retain user data, which no longer serves its business purpose.<\/li>\n<li>Users will have the <strong>right to have their personal data in the custody of enterprises corrected and erased.<\/strong><\/li>\n<li>Companies should not process personal <strong>data that is \u201clikely to cause harm\u201d to children<\/strong> (less than 18 years of age) and cannot run targeted advertising on children.<\/li>\n<li><strong>National security-related exemptions<\/strong>: The Centre has been empowered to exempt its agencies from adhering to provisions of the Bill in the interest of &#8211;\n<ul>\n<li>Sovereignty and integrity of India,<\/li>\n<li>Security of the state,<\/li>\n<li>Friendly relations with foreign states,<\/li>\n<li>Maintenance of public order or preventing incitement to any cognisable offence.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Keeping in mind the start-up ecosystem of the country<\/strong>, the government could also exempt certain businesses from adhering to provisions of the Bill on the basis of volume of users and personal data processed.\n<ul>\n<li><strong>Penalties for companies: <\/strong>Ranging from Rs 50 crore to Rs 500 crore for data breaches and noncompliance.<\/li>\n<li><strong>Penalties for users:<\/strong> A customer who provides fraudulent documentation for an online service or files frivolous grievance complaints may be penalised up to Rs 10,000.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Concerns:<\/strong>\n<ul>\n<li><strong>Wide-ranging, excessively vague exemptions to the state agencies<\/strong>: This may not qualify the test of \u2018necessity\u2019 and \u2018proportionality\u2019 as laid down in the landmark right to privacy (KS Puttaswamy) judgement of 2017<\/li>\n<li><strong>Reduced independence of a proposed regulator: <\/strong>The appointment of the chairperson and members of the proposed <strong>Data Protection Board <\/strong>is completely left to the discretion of the central government.\n<ul>\n<li>This is unlike the Data Protection Authority (under the 2019 Bill), which was envisaged to be a <u>statutory <\/u>authority.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2><strong>News Summary Regarding the Changes to the Bill under Consideration:<\/strong><\/h2>\n<ul>\n<li><strong>After receiving input from a variety of stakeholders<\/strong>, the proposed data protection Bill changes are currently being considered.<\/li>\n<li>The current provision on <strong>cross-border data flows<\/strong> is likely to be amended with the Bill allowing cross-border data flows<strong> to all geographies with an official blacklist<\/strong> of countries where transfers would be restricted.<\/li>\n<li>This change is seen as<strong> a move to ensure business continuity for enterprises <\/strong>and to place India as a crucial part of the global data transfer network &#8211; an important element of trade negotiations the country is currently exploring with the EU, etc.\n<ul>\n<li>One concern has been unchecked data transfers to <strong>China<\/strong>.<\/li>\n<li>Recently, <strong>apps and websites<\/strong> believed to transfer data to China have been blocked and scrutiny has stepped up (changes in FDI policy) over funds coming into India from Chinese entities.<\/li>\n<li>This called for prior approval of the government for FDI by any entity based in any country (earlier Pakistan or Bangladesh) sharing a border with India.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Private entities may be excluded from \u2018deemed consent\u2019<\/strong> provisions which allow for personal data processing for certain purposes without requiring fresh consent.\n<ul>\n<li>Under the original draft, if a user has voluntarily shared her data with an entity for a certain purpose,<strong> that entity can assume her consent for other adjacent purposes.<\/strong><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<hr \/>\n<h3><strong>Q1) How the Digital Personal Data Protection Bill 2022 regulates cross-border data flows?<\/strong><\/h3>\n<p>The previous Bill (original draft) required businesses to keep a copy of some &#8220;sensitive personal data&#8221; within India and prohibits the export of undefined &#8220;critical&#8221; personal data. The new draft takes a softer stance on data localisation rules and allows data flow to specific worldwide destinations based on predetermined evaluations.<\/p>\n<p>&nbsp;<\/p>\n<h3><strong>Q2) What is the \u2018deemed consent\u2019 provision provided under the Digital Personal Data Protection Bill 2022?<\/strong><\/h3>\n<p>Under the original draft, if a user has voluntarily shared her data with an entity for a certain purpose, that entity can assume her consent for other adjacent purposes<\/p>\n<p>&nbsp;<\/p>\n<hr \/>\n<p><strong>Source:\u00a0<\/strong><a href=\"https:\/\/indianexpress.com\/article\/india\/data-personal-bill-govt-plans-to-ease-norms-for-cross-border-flow-of-data-8484963\/\" target=\"_blank\" rel=\"nofollow noopener\"><u>Data Protection Bill: Govt plans to ease norms for cross-border flow of data<\/u><\/a>\u00a0|\u00a0<a href=\"https:\/\/indianexpress.com\/article\/india\/data-protection-bill-new-draft-privacy-law-eases-cross-border-flow-of-data-hikes-penalties-for-breach-8276777\/\" target=\"_blank\" rel=\"nofollow noopener\"><u>IE<\/u><\/a>\u00a0|\u00a0<a href=\"https:\/\/timesofindia.indiatimes.com\/india\/govt-plans-penalty-of-up-to-rs500cr-for-data-breach\/articleshowprint\/95613899.cms\" target=\"_blank\" rel=\"nofollow noopener\"><u>ToI<\/u><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Digital Personal Data Protection Bill 2022 deals with collecting and processing of personal data.<\/p>\n","protected":false},"author":5,"featured_media":33133,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[18],"tags":[],"class_list":{"0":"post-33132","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-upsc-mains-current-affairs","8":"no-featured-image-padding"},"acf":[],"_links":{"self":[{"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/posts\/33132","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/comments?post=33132"}],"version-history":[{"count":0,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/posts\/33132\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/media\/33133"}],"wp:attachment":[{"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/media?parent=33132"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/categories?post=33132"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/tags?post=33132"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}