Once passed, the data bill will provide new features to digital platforms
Each platform must get users' full, informed consent before processing personal data.
The Digital Personal Data Protection Bill, 2023, would place a number of obligations on digital platforms including applications and websites. They might need to redesign some of their data-handling procedures and develop a number of functions.
The Digital Personal Data Protection Bill, 2023 was introduced by the government in the Lok Sabha to lay out the rules for the authorised gathering, processing, and protection of private data as well as the potential fines of up to Rs 250 crore for data breaches.
Users' complete and informed consent is required from every platform before it may process their data.
Additionally, they must include a notice outlining the rights of users as well as the reason for data processing.
According to experts, firms that handle personal information but have contact with consumers would initially have a heavier compliance cost.
"The businesses managing digital personal data may require a platform to handle various privacy-related tasks and to check that consent is being obtained and used correctly.
They may be required to provide a copy of their data upon a user's request. You have to start thinking about automating once you reach a certain load, according to Nader Henein, research vice-president for privacy & data protection at Gartner.
Before processing any personal data of a person under the age of 18, the platforms are required under the Bill to seek verified parental consent, and in the case of individuals with disabilities, the consent of legal guardians. This will be a challenging assignment, according to Henein.
"We've seen techniques like face recognition to confirm an individual's age or video verification by parents giving their youngster permission to use a site. So, while I believe it to be incredibly essential, this is a really difficult one, he remarked.
Before collecting users' data, a warning must be provided in each of the 22 official languages. According to experts, this might cause notices and consent forms to become more multilingual.
In addition, it would be a very difficult challenge for the platforms to comply with the condition requiring the deletion of a user's personal data in the event that they withdraw their consent.
The platforms will need to carefully consider how they will word the request for consent's inclusion of the reason for data gathering. Platforms that are currently handling user data must now put procedures in place to get user consent in a timely manner, according to Aparna Gaur, leader of IP, Technology, Media, and Education.
The Bill also mandates that platforms notify users of any internal data breaches. If they don't, they might be subject to fines of up to Rs 200 crore.
Users are not already required to be notified of cybersecurity problems, but the Bill mandates that platforms do so in the event of a data breach. It will mark a significant change in their behaviour because currently few platforms adhere to this, according to Gaur.
The digital hygiene and procedures followed by the platform would be just as important as developing new in-app capabilities for compliance, according to Manish Sehgal, partner, risk advisory at Deloitte India.
It is essential that the procedures are updated and reevaluated. Platform and automation are merely tools that may be used to enable the correct process if you already have one. For instance, businesses should determine whether they have the proper procedures in place to inform users of the data collection process, what will happen with the data once it has been collected, and whether they plan to share the data with any third parties, according to Manish Sehgal, Partner, Risk Advisory at Deloitte India.
and correctly comprehend how the data moves. With this, everything can be carried out effectively once the platform's functionality has interfaces built in.
The majority of websites and applications are already governed by a number of Indian regulations, according to Kirti Mahapatra, Partner at Shardul Amarchand Mangaldas & Co. These laws oblige companies to maintain specific data governance procedures and to offer content regulation.
No comments:
Post a Comment