Digital Personal Data Protection Act:
NITI Aayog, the top think tank of the government, had opposed some of the provisions of the Digital Personal Data Protection Act, and particularly red-flagged the changes proposed to the Right to Information (RTI) Act that could “weaken” the legislation.
- The data protection law proposed is an amendment to a section in the RTI Act with such effect that disclosure of personal information about public officials would not be allowed even when these are justified in larger public interest.
Digital Personal Data Protection Act: - It is a comprehensive privacy and data protection law that provides guidelines on processing, storing, and securing personal data.
- It aims to regulate the processing of digital personal data while ensuring individuals’ right to protect their data and the need to process it for lawful purposes.
- It protects digital personal data by providing:
- The obligations of Data Fiduciaries (that is, persons, companies, and government entities who process data) for data processing (that is, collection, storage, or any other operation on personal data);
- The rights and duties of Data Principals (that is, the person to whom the data relates);
- Financial penalties for breach of rights, duties, and obligations.
Salient Features of the Digital Personal Data Protection Act:
- It applies to the processing of digital personal data within India where such data is collected in digital form or non-digital form and digitised subsequently.
- It empowers individuals with the right to know and control their personal data.
- This includes rights to access, correction, and erasure of their data, giving citizens greater control over their personal information.
- It mandates that personal data may be processed only for a lawful purpose after obtaining the consent of the Data Principal (who shall have the right to withdraw consent at any time). For a child or a person with a disability, consent will be provided by the parent or legal guardian.