The number of internet users in India has already crossed 600 million. Online businesses are eagerly waiting for this number to touch one billion. Experts say it might happen as early as 2030.
The increasing internet penetration has posed a significant challenge to the monitoring agencies of government because of the colossal amount of data created, exchanged, and collected.
Protecting personal data is an ethical responsibility of the one who possesses it. But, who audits the use of data? What are the compliances? What are the consequences of a breach of trust?
To address these pertinent questions, the Minister of Electronics & Information Technology proposed the Digital Personal Data Protection Bill, 2023 in Parliament. It received the Presidential nod on 11th August. India has now joined the ranks of developed countries to protect citizens' data and citizens' right to privacy.
The previous bills in 2019 and 2022 were laced with several issues relating to data localization, transparency, and compliance. They were withdrawn by the Central Government.
Salient Features of the Digital Personal Data Protection Bill, 2023
The primary objective of the bill is to balance the processing of digital personal data while upholding individual rights and lawful data usage. It outlines the responsibilities of Data Fiduciaries, protects Data Principals' rights (that is, the rights of the person to whom the data relates), and enforces penalties for breaches.
It seeks to establish a comprehensive framework for the protection of personal data. This framework extends its jurisdiction to personal data collected within India–both online and offline data that has been subsequently digitized. Moreover, if data processing occurs outside India but involves offering goods or services to individuals within the country, the Bill's regulations apply.
The Bill details all scenarios of data security and protection of privacy. To summarise, the Bill is drafted on seven key principles:
- Consent and Transparency Personal data usage should have consent, transparency, and legality.
- Purpose Limitation Data should only be used for the specified purpose mentioned during consent.
- Data Minimization The collection of personal data should be limited to what's necessary for the intended purpose.
- Data Accuracy Ensuring that collected data is accurate and kept up to date.
- Storage Limitation Data should only be stored for as long as needed for the specified purpose.
- Accountability Breaches and violations should lead to penalties and accountability.
- Security Safeguards Adequate security measures must be in place to protect data.
What Does the Bill Provide for Every Citizen?
The citizens of India have a moment to rejoice because the bill clearly outlines the rights of individuals against malicious use of their data. The power is given in the hands of the Data Principal. The primary rights as per the Bill are:
- Access to Information: The right to access information about personal data processing.
- Correction and Erasure: The right to correct and erase personal data.
- Grievance Redressal: The right to seek resolution for grievances.
- Nomination Rights: The right to nominate someone to exercise these rights in case of death or incapacity.
The Data Fiduciaries will enforce these rights. The additional responsibilities include:
- Implementing security measures to prevent data breaches.
- Notifying affected Data Principals and the Data Protection Board about breaches.
- Erasing data when no longer needed or upon withdrawal of consent.
- Establishing grievance redressal systems and appointing officers for Data Principals' queries.
- Data audits and protection assessments.
The Data Protection Board is responsible for penalising data breaches and blocking the digital resources of repeat violators.
The penalties are severe and the mandate of data protection is serious. Notable penalties are:
- Non-compliance with Child Data Obligations: INR 200 Crore penalty
- Failure in Implementing Security Measures: INR 250 Crore penalty
- Breach of Personal Data Breach Notice: INR 200 Crore penalty
What Does the Bill Imply for Enterprises?
The consequences of a data breach until now were the high cost of data compromise and damage to the company’s reputation. The involvement of the government was minimal and the laws around data breaches were vague.
The scenario is very different with the passage of this Bill. Enterprises will have to prioritise data security and follow norms as mandated by the government. Missing out on this crucial factor can lead to heavy penalties in addition to the costs of data loss and a dent in reputation.
The advent of quantum computers has put existing encryption protocols at risk. The probability of data breaches is higher and businesses cannot ignore or sideline the issues around data security.
The plan of action is clear–fortress data against new-age attacks to survive in the new-age economy.
How can QNu Labs Help?
QNu is a pioneer in quantum cryptography. It can deploy security safeguards mandated by the Bill. The patented technologies developed by QNu are proven to shield data from quantum attacks.
QNu's range of quantum-based products covers security from end-to-end across the entire data-based paraphernalia. From quantum-based encryptions to entropy enhancement services, QNu covers all security bases.
QNu offers three products that serve as a quantum security ecosystem:
Armos (QKD)
QKD is a state-of-the-art device providing unconditional security for critical data through quantum physics.
Tropos (QRNG)
QRNG generates true random numbers from a quantum source, making it suitable for all QRNG applications.
Hodos (PQC)
PQC is the next generation of cryptographic protocol recommended by NIST that replaces today's RSA-based vulnerable systems with a quantum-resistant one.
References: