The Indian Digital Personal Data Protection Bill (DPDP) is a comprehensive law that seeks to protect the privacy of individuals in India. The bill was introduced in the Lok Sabha, the lower house of the Indian Parliament, in 2019 and was passed by the Rajya Sabha, the upper house, in August 2023. The bill is expected to come into force in 2024.
Image source: Copy right free image by Pexels.com
The DPDP bill is modeled on the EU General Data Protection Regulation (GDPR), but it also takes into account the specific needs of India. Some of the key features of the DPDP bill include:
The right of individuals to access their personal data, to have it corrected, and to be forgotten.
The requirement for organizations to obtain consent from individuals before collecting or processing their personal data.
The prohibition on organizations transferring personal data outside of India without the consent of the individual or the approval of the Data Protection Authority.
The establishment of a Data Protection Authority to oversee the implementation of the bill.
The DPDP bill is a significant step forward in the protection of personal data in India. It is expected to have a major impact on businesses and organizations that collect and process personal data, and it will help to ensure that individuals have greater control over their personal information.
Comparison of the Digital Personal Data Protection bill and the GDPR:
The DPDP bill and the GDPR are both comprehensive data protection laws that aim to protect the privacy of individuals. However, there are some key differences between the two laws.
One of the most significant differences is the scope of application. The GDPR applies to all organizations that process personal data of individuals located in the European Union, regardless of where the organization is located. The DPDP bill, on the other hand, only applies to organizations that are located in India or that offer goods or services to individuals in India.
Another difference is the way in which consent is obtained. Under the GDPR, consent must be freely given, specific, informed, and unambiguous. The DPDP bill does not specify the same requirements for consent, but it does state that consent must be obtained in a clear and transparent manner.
The GDPR also provides for more stringent data protection requirements for sensitive personal data, such as data relating to health or ethnicity. The DPDP bill does not specifically mention sensitive personal data, but it does state that organizations must take additional steps to protect this type of data.
Finally, the GDPR gives individuals more rights than the DPDP bill. For example, under the GDPR, individuals have the right to be forgotten, which means that they can request that their personal data be deleted. The DPDP bill does not provide for a right to be forgotten.
Overall, the DPDP bill is a comprehensive data protection law that will help to protect the privacy of individuals in India. However, there are some key differences between the DPDP bill and the GDPR, which businesses and organizations should be aware of.
Comments