Skip to content Skip to left sidebar Skip to right sidebar Skip to footer
Choose language:

Culture

Digital Personal Data Protection Bill 2022

The Digital Personal Data Protection Bill is a legislation that frames out the rights and duties of the citizen (Digital Nagrik) on one hand and the obligations to use collected data lawfully of the Data Fiduciary on the other hand. The bill is based on the following principles around the Data Economy:

  1. The first principle is that the usage of personal data by organisations must be done in a manner that is lawful, fair to the individuals concerned and transparent to individuals.
  2. The second principle of purpose limitation is that the personal data is used for the purposes for which it was collected.
  3. The third principle of data minimisation is that only those items of personal data required for attaining a specific purpose must be collected.
  4. The fourth principle of the accuracy of personal data is that reasonable effort is made to ensure that the personal data of the individual is accurate and kept up to date.
  5. The fifth principle of storage limitation is that personal data is not stored perpetually by default. The storage should be limited to such duration as is necessary for the stated purpose for which personal data was collected.
  6. The sixth principle is that reasonable safeguards are taken to ensure that there is no unauthorised collection or processing of personal data. This is intended to prevent a personal data breach.
  7. The seventh principle is that the person who decides the purpose and means of processing personal data should be accountable for such processing. These principles have been used as the basis for personal data protection laws in various jurisdictions. The actual implementation of such laws has allowed the emergence of a more nuanced understanding of personal data protection wherein individual rights, public interest and ease of doing business especially for startups are balanced.

What is DPDP Bill, 2022?

  • The Ministry of Electronics and Information Technology drafted the DPDP Bill in 2022, replacing Personal Data Protection Bill, of 2019.
  • The Bill frames out the rights and duties of the citizen (Digital Nagrik) on one hand and the obligations to use collected data lawfully of the Data Fiduciary on the other hand.
  • It is one of the four proposed legislations in the IT and telecom sectors to provide the framework for the rapidly growing digital ecosystem.

What is meant by Data governance?

  • Data governance is the management and control of an organization’s data assets.
  • It ensures data is accurate, secure, compliant, and used effectively, through policies, standards, stewardship, quality management, security, privacy, and lifecycle management.

Who are Data fiduciaries?

  • Data fiduciaries – organizations or individuals- handle personal data on behalf of others, ensuring its privacy and protection.
  • It includes businesses, government agencies, service providers, and professionals- who process or store personal data- in compliance with applicable laws and regulations.

Who is a Data Principal?

  • The DPDP bill, 2022 denotes a data Principal- an individual who’s data is being collected.

What is Data Portability?

  • Ability of individuals– to transfer personal data from one platform, service, or organization to another.

What is Data Interoperability?

  • Ability of different systems platforms, or services -to seamlessly exchange and use data with one another.

Key Principles and Features of the DPDP Bill, 2022

  • Personal data usage should be lawful, fair, and transparent
  • Collection of minimum necessary data– only for the specific purposes
  • Personal data stored- limited to a fixed duration– not indefinitely
  • Implementing safeguards against unauthorized data collection and processing
  • The bill defines Data Principals and Data Fiduciaries
  • It grants rights such as information access, consent, and correction.
  • A Data Protection Board– ensures compliance, monitors, and penalises for data breach
  • Cross-border data transfer is allowed to specified countries with suitable data security
  • Exemptions may be granted based on user volume and national security
  • Empowers individuals with data control

The need for such a bill

  • Increasing use of the internet and the associated risks to individuals’ personal data
  • Increasing prevalence of cyber threats and Data breaches: the need for legal frameworks
  • Data monetization can compromise personal privacy- protecting individual privacy is crucial
  • The absence of writ proceedings against corporate actions; the need for a data protection law; remedies for privacy violations

Advantages of the DPDP Bill, 2022

  • Strengthens data protection measures and obligations to maintain the accuracy and security of personal data
  • Promotes responsible data management practices— data minimization, purposeful dissemination, and authorized collection and processing of personal data
  • Enhances user control and choice through data portability
  • Provisions for accountability and remedies in case of privacy breaches– legal remedies
  • Aligns India with international data protection standards, – smoother data transfers and trade relations with countries that prioritize privacy
  • Strikes a balance between data protection and national interests

Concerns raised over the bill

  • Wide-ranging exemptions for government agencies- undermine privacy protections
  • Insufficient safeguards for the right to privacy- discretionary powers to the government
  • Dilution of the role of the Data Protection Board- concerns about independence and effectiveness
  • Open-ended language in certain provisions— ambiguity and misuse of power
  • Lack of specific provisions for compensation in the case of data breaches
  • Potential infringement on the RTI Act- reduction in transparency and accountability
  • Challenges in standardization and compatibility for seamless data transfer and interoperability

Potential challenges in its implementation

  • Implementing the provisions is both a compliance burden and technically challenging
  • The requirement for local storage and processing of personal data: costs and operational complexities
  • Diverse and interconnected digital landscape
  • Complexities associated with cross-border data transfers
  • Striking a balance between protecting privacy rights and promoting innovation and economic growth
  • Keeping the legislation up-to-date and relevant to evolving data protection concerns

In comparison with other countries

  • The EU’s General Data Protection Regulation (GDPR) imposes– stringent requirements and extensive obligations on organizations handling personal data
  • India aims to align with GDPR to facilitate data transfers and trade relations
  • The US relies on sectoral laws and focuses on individual liberties and protection from government intrusion
  • China’s recently implemented Personal Information Protection Law (PIPL) and the Data Security Law (DSL)- individuals’ new rights over their personal data and impose restrictions on cross-border data transfers

India’s efforts for its data protection regime

  • In 2017, the Supreme Court’s decision in- K. S. Puttaswamy (Retd) vs Union of India, which recognized- right to privacy as a fundamental right– Indian Constitution under Article 21- laid the foundation for stronger data protection measures
  • B.N. Srikrishna to propose a framework for data protection, including- recommendations to strengthen privacy laws in India, â€“ data processing restrictions, a Data Protection Authority, the right to be forgotten, and data localization
  • Information Technology Rules 2021– mandate social media platforms and intermediaries to exercise- greater diligence in handling content on their platforms

What more needs to be done?

  • Conduct thorough stakeholder consultations with- diverse perspectives and inputs
  • Strengthen privacy safeguards by- minimizing exemptions for government agencies
  • Independence and effectiveness of the Data Protection Board
  • Clarify and address concerns about- potential violations of the right to privacy
  • Provisions for data portability and the right to be forgotten
  • Evaluate and mitigate potential implications for the RTI
  • Continuously review and – update the legislation- emerging privacy challenges and technological advancements
  • Awareness and educate individuals about their privacy rights
  • International alignment with global privacy frameworks

Conclusion

The DPDP 2022 is a significant step towards safeguarding individuals’ privacy rights and regulating data practices but concerns remain regarding exemptions for government agencies and the independence of the Data Protection Board. With stakeholder collaboration, transparency, and continuous adaptation, we can empower individuals, foster innovation, and ensure a future where privacy and progress go hand in hand.

One Person Company

The incorporation of OPC into the legal system is a step that would promote the corporatization of microbusinesses and entrepreneurship with a less onerous legal framework so that the small business owner is not required to spend a lot of time, energy, and money on intricate legal compliances. Individuals will be able to contribute to economic progress thanks to this, and it will also create job opportunities. Under the Companies Act of 2013, the One Person Company, a sole proprietorship and company type of business, has been given concessional/relaxed conditions. Under the One Person Company (OPC) idea, the Companies Act of 2013 now allows a single national person to form a company.

Origin of the concept in India
In the report of the Dr. J.J. Irani Committee, the idea of OPC was floated. OPC was briefly mentioned by the Irani Committee in its report. The committee offered numerous classifications of firms in Chapter III, “Classification and Registration of Companies,” as shown below.

1 The concept of ‘One Person Company’ may be introduced in the Act with following characteristics :-
(a) OPC may be registered as a private Company with one member and may also have at least one director;
(b) Adequate safeguards in case of death/disability of the sole person should be provided through appointment of another
individual as Nominee Director. On the demise of the original director, the nominee director will manage the affairs of the company till the date of transmission of shares to legal heirsof the demised member.
(c) Letters ‘OPC’ to be suffixed with the name of One Person


Companies to distinguish it from other companies.”
OPC’s effect on Indian entrepreneurship In India, the idea of OPC is still in its infancy and needs more time to develop and be completely embraced by the corporate community. The OPC style of company organization is poised to overtake other business organization models in the future, particularly among small business owners. The advantages of using this idea are many, to name a few –

  • Minimal paper work and compliances
  • Ability to form a separate legal entity with just one member
  • Provision for conversion to other types of legal entities by induction of more members and amendment in the Memorandum of Association.
  • The One Person Company concept holds a bright future for small traders, entrepreneurs with low risk taking capacity, artisans and other service providers.
  • The OPC would act as a launch pad for such entrepreneurs to showcase their capabilities in the global arena.
    The counterparts of Indian OPCs in Europe, United States and Australia have resulted in further strengthening of the economies in the respective countries. OPCs in India are aimed at structured, organised business units, having a separate legal entity ultimately playing a crucial role in further strengthening of the Indian economy.

One Person Company: As per section 2(62) of the Companies Act, 2013, “One Person Company” means a company which has only one person as a membe.

Salient features of OPC

The salient features of OPC are:

  • Desire for personal freedom that allows the Professional skilled person to adopt the business of his choice.
  • Personality driven passion and implementation of a business plan.
  • The desire of the entrepreneurial person to take extra risk and willingness to take additional responsibility.
  • Personal commitment to the business which is a sole idea of the person and close to his heart.
  • It is run by individuals yet OPCs are a separate legal entity similar to that of any registered corporate.
  • A One Person Company is incorporated as a private limited company.
  • It must have only one member at any point of time and may have only one director.
  • The member and nominee should be natural persons, Indian Citizens and resident in India. The term “resident in India” means a person who has stayed in India for a period of not less than 182 days during the immediately preceding one calendar year.
  • One person cannot incorporate more than one OPC or become nominee in more than one OPC.
  • If a member of OPC becomes a member in another OPC by virtue of his being nominee in that OPC then within 180 days he shall have to meet the eligibility criteria of being Member in one OPC.
  • OPC to lose its status if paid up capital exceeds Rs. 50 lakhs or average annual turnover is more than 2 crores in three immediate preceding consecutive years.
  • No minor shall become member or nominee of the One Person Company or hold share with beneficial interest.
  • Such Company cannot be incorporated or converted into a company under section 8 of the Companies Act, 2013.
  • Such Company cannot carry out Non Banking Financial Investment activities including investment in securities of any body corporate.
  • No such company can convert voluntarily into any kind of company unless 2 years have expired from the date of incorporation, except in cases where capital or turnover threshold limits are reached.
  • An existing private company other than a company registered under section 8 of the Act which has paid up share capital of Rs. 50 Lakhs or less or average annual turnover during the relevant period is Rs. 2 Crores or less may convert itself into one person company by passing a special resolution in the general meeting.