Seeking public feedback, the government on Friday released a draft of the new data privacy bill, three months after withdrawing the Personal Data Protection Bill, 2021, after a parliamentary panel sought as many as eighty-one amendments to it.

The proposed legislation has been introduced as the ‘Digital Data Personal Protection Bill, 2022’ by the government. Its purpose – according to the draft – is ‘to provide for the processing of digital personal data that recognises the right of individuals to protect their personal data, the need to process it for personal purposes, and for other incidental purposes.'
Here are salient features of the Digital Data Personal Protection Bill, 2022, as mentioned in the draft:
{{/usCountry}}Here are salient features of the Digital Data Personal Protection Bill, 2022, as mentioned in the draft:
{{/usCountry}}(1.) Significantly, and for the first time in the country's legislative history, the terms ‘her’ and ‘she’ have been used irrespective of an individual's gender. This, as per the draft, is in line with the government's philosophy of empowering women.
(2.) The bill is based on seven principles: usage of personal data by organisations in a lawful manner; purpose limitation; data minimisation; accuracy of personal data; storage limitation; prevention of breach of personal data; and accountability for data processing.
(3.) To prepare it, best global practices were considered, including review of data protection legislations of Australia, European Union (EU), Singapore, and a prospective one of the USA.
(4.) The draft has six ‘Chapters’ and a total of twenty-five points. The ‘Chapters’ are: ‘Preliminary,’ ‘Obligations of Data Fiduciary,' ‘Rights and Duties of Data Principal,’ ‘Special Provisions,’ ‘Compliance Framework,’ and ‘Miscellaneous.’
(5.) The terms it uses in more than one context with a specific intended meaning are ‘Data Principal,’ ‘personal data,’ ‘Data Fiduciary,’ ‘processing’ and ‘public interest.’
(6.) To enable individuals to make a fair assessment of a situation in which their personal data is being sought, provision has been made to make basic information available to them in languages under the 8th schedule of the Constitution.
(7.) Personal data can be processed only on the following grounds: processing is done only in accordance with the provisions of this bill; processing for a purpose not forbidden under the law; and on consent from the individual before processing.
(8.) If personal data is likely to cause harm to a child, its processing will not be allowed. For cross-border interaction, transfer of personal data to certain notified countries will be allowed, but only after assessment of relevant factors by the government.