Indian Data Protection Bill gets Cabinet approval
India’s Union Cabinet approved the Digital Personal Data Protection Bill 2022 to be introduced at the Parliament. The Bill grants exemptions to the central government and allows it to control the appointment of the Data Protection Board. Cross-border data flow will be regulated using a ‘blacklist’ mechanism. The Bill aims to be ‘digital by design’ and may impact how companies use cookies on their websites.
India’s Union Cabinet approved the proposed Digital Personal Data Protection Bill 2022, which will be introduced at the Parliament. The Bill is also one of four proposed IT and Telecom-related Bills aimed at framing the fast-growing digital ecosystem
The wide-ranging exemptions for the central government and its agencies have remained the same in the Bill. The central government will have the right to exempt ‘any agency of the state’ from adverse consequences, citing reasons including national security, relations with foreign governments, and maintaining public order. The central government also controls the appointment of members of the Data Protection Board that will deal with privacy complaints and disputes between two parties. One fundamental change was how cross-border data flows to international jurisdictions will be dealt with, moving to a ‘blacklist’ mechanism.
The Bill is intended to be ‘digital by design’ when implemented. The Bill’s consent requirements could also force companies to change the way they serve cookies on their websites, requiring them to obtain specific consent to track a user’s activities on their website.