A week after implementing the Citizenship Amendment Bill (CAB) the National Register of Citizens of India (NRC), the Personal Data Protection Bill was tabled in the Parliament. 

Currently with the Joint Parliamentary Committee (JPC) for consultation, the bill was given the nod by the cabinet but will be further discussed by law-enforcement agencies and different stakeholders. 

Forbes India

But to help you understand better, here’s everything you should know about the bill. 

The bill was introduced by the Minister of Electronics and Information Technology, Mr. Ravi Shankar Prasad, on December 11, 2019. 

India Today

The bill seeks to provide protection of personal data of individuals, and establishes a Data Protection Authority for the same. 

First Post

In terms of applicability the bill allows and governs the processing of personal data by the government, companies incorporated in India and foreign companies dealing with personal data of individuals in India. 

The category of data includes personal (sensitive) data, financial data, bio-metric data, caste, religious or political beliefs, or any other type of data specified by the government. 

Live Mint

In return of taking control of our data, the government promises to set up a data fiduciary for the purpose of data collection and limitation. 

According to their assurance, all data fiduciaries must undertake transparency and accountability measures for implementing methods to encrypt data and prevent misuse. 
In addition, grievance redressal mechanisms to address complaints of individuals will be set up.  

First Post

On what grounds can your personal data be processed without consent?

Your personal data will be processed in cases where a) data is required for the State to benefit you or anyone related, b) for legal proceedings and c) for any medical emergency. 

Towards Data Science

In addition to the fiduciaries, a Data Protection Authority will take steps to protect the data of individuals and ensure compliance with the bill. 

The Data Protection authority will consist of a chairperson and six members, all with 10 years of experience. Orders of the Authority can be appealed to an Appellate Tribunal and cases from the Tribunal can be taken to the Supreme Court. 

Legal Bites

Talking about exemptions –  the Central government can exempt agencies in interest of security of state, public order, sovereignty and integrity of India and friendly relations with foreign states. 

Processing of personal data can also take place for investigating personal or domestic offences and for journalistic purposes. But the reason for such processing should be clear, specific and lawful. 

Deccan Herald

What are the offences? 

Processing or transferring personal data in violation of the bill will be considered an offence where a penalty of Rs.15 crore or 4% of annual turnover may be demanded. 
Failure to conduct a data audit will draw a penalty of Rs. 2 crore or 2% of the company’s annual turnover. 
Additionally, re-identification and processing of de-identified personal data without consent is punishable with imprisonment of up to three years, or fine, or both. 

Source: PRS Legislative Research