The government will shortly notify the appointment and recruitment rules for its chairperson and members
Currently, the government is working on criteria for the selection of members and chairperson, and rules in regards to the board’s working
The government is planning to hold a consultation process with relevant stakeholders
Inc42 Daily Brief
Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy
Following the approval of the Digital Personal Data Protection (DPDP) Bill, 2023, by both the Lok Sabha and Rajya Sabha, the government is now gearing up to promptly notify the establishment of the Data Protection Board (DPB).
Minister of State for Electronics and IT, Rajeev Chandrasekhar, stated that the government will soon announce the chairperson and members’ appointment and recruitment guidelines, as ET reported.
Presently, the government is actively formulating the criteria for selecting members and the chairperson, as well as establishing rules governing the functioning of the board. Additionally, efforts are underway to define the procedures for the appeal process at the Telecommunications Disputes Settlement and Appellate Tribunal (TDSAT).
The minister also added that the work on rules for personal data breach reporting and other market-wide obligations have also begun. The government is planning to hold a consultation process with relevant stakeholders.
“Wherever required, opinions of appropriate experts and stakeholders will also be taken,” he said.
The bill, which became law after President Droupadi Murmu granted her assent, aims to replace existing data protection laws, largely enforced via Section 43A of the Information Technology Act, 2000.
The DPDP Act defines terms such as ‘personal data’ and ‘processing’. According to the new law, personal data is any data that can help identify an individual ‘by or in relation’ to such data. The act also has the concept of user consent, meaning that data can only be processed with the user’s prior permission and only for lawful and specified legitimate purposes.
The Data Protection Board of India will monitor compliance and impose penalties. It can also advise the government on blocking access to an intermediary if provisions related to the bill are violated more than twice.
For data breaches, entities may have to pay up to INR 250 Cr penalty. As per the Act, penalties would be imposed by the Data Protection Board after conducting an inquiry and TDSAT will be the appellate body for decisions of the proposed board.
Although the Act provides much-needed clarity to users on how corporations can use their data. Besides the opposition, it has also received criticism from industry stakeholders. There are concerns that this bill would lead to state-sponsored surveillance of citizens and violate citizens’ right to privacy.
Note: We at Inc42 take our ethics very seriously. More information about it can be found here.