Reuters news agency has reported that the Andhra Pradesh State Assembly has approved legislation to regulate the microfinance sector. The Assembly ratified an earlier ordinance curbing operations by MFI lenders. The ordinance took effect in October in response to news reports on suicides among borrowers. http://in.reuters.com/article/idINIndia-53571720101215
The Personal Data Protection Bill, 2019 was recently introduced in Parliament. The Bill has been referred to a Joint Parliamentary Committee for detailed examination, and the Committee is expected to submit its report by the last week of Budget Session, 2020. The Bill seeks to provide for the protection of personal data of individuals (known as data principals), and creates a framework for processing such personal data by other entities (known as data fiduciaries). It provides the data principal with certain rights with respect to their data, such as seeking correction, completion or transfer of their data to other fiduciaries. Similarly, it sets out certain obligations, and other transparency and accountability measures to be undertaken by the data fiduciary, such as instituting grievance redressal mechanisms to address complaints of individuals. Processing of personal data is exempted from the provisions of the Bill in certain cases, such as security of state, public order, or for prevention, investigation, or prosecution of any offence. The Bill also establishes a Data Protection Authority to ensure compliance with the provisions of the Bill and provide for further regulations.
As per the Statement of Objects and Reasons of the 2019 Bill, the provisions of the Bill are based on the recommendations of the report of the Expert Committee (Chair: Justice B. N. Srikrishna) which examined issues related to protection of personal data and proposed a Draft Personal Data Protection Bill, 2018.
In a previous blog, we provided a brief background to the 2019 Bill, explained why a Bill was brought for personal data protection and what are some of the key provisions of the Bill. In this blog, we look at how the 2019 Bill differs from the 2018 Draft Bill.
Table 1: Comparison of the provisions of the 2018 Draft Bill with the 2019 Bill
Provision |
Draft Personal Data Protection Bill, 2018 |
Personal Data Protection Bill, 2019 |
Definition of personal data |
|
|
Sensitive personal data |
|
|
Rights of individual (data principal) |
|
|
Non-consensual processing of personal data |
|
|
Social media intermediaries |
|
|
Exemptions for the government for processing of personal data |
|
|
Exemptions for manual processing by small entities |
|
|
Transfer of personal data outside country |
|
|
Composition of Data Protection Authority of India |
|
|
Offences and penalties |
|
|
Non-personal and anonymised personal data |
|
|
Sources: The Draft Personal Data Protection Bill, 2018; The Personal Data Protection Bill, 2019; PRS.