Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
The bill calls for the regulation of personal data, where no person will be allowed to collect, store,
process, disclose or handle any private data except in accordance to the act, nothing in the act refers to
personal data collected, storage and processing of personal data for domestic use. There isnt any
provision which lays down what is considered to be domestic use. It was drafted by the Centre for
Internet and Society as discussed at the 6th Privacy Roundtable, New Delhi held on 24 August 2013.
This version of the Bill caters only to the Personal Data regime.
This bill is to provide protection of personal data and information collected for a particular purpose by
one organisation and to prevent its usage by another for commercial and other purposes, and entitle
the individual to claim any compensation in case there has been disclosure of such data without
consent.
Data which is collected by the government or private body cannot be processed unless the
consent of the concerned person.
It allows for processing under certain instances such as prevention of crime, prosecution of
offenders, assessment or collection of any tax or duty
Personal data cannot be disclosed for the purpose of any marketing or commercial gain and if
the data is used for such purposes without consent, the person will be entitled to
compensation.
The appropriate government can make provisions for the appointment of Data Controllers in
any State or Union Territory. The appropriate government shall make terms and conditions of
service, number of officers and staff necessary, procedure for appointment of data controllers.
Any organization which is collecting data will be required to report to the data controller the
reason for collection and use of any data. They are required to take measures to maintain
confidentiality and security in handling such data and only collect essential information
Contravention of the provisions of the act can lead to imprisonment upto 3 years, fine up to
10 lakhs or both.
A company can be held liable and punished for the contravention of the provisions of this act.
All offences under this Act shall be tried summarily in the manner prescribed for summary
trial under the Code of Criminal Procedure, 1973.
The Central Government may, by notification in the Official Gazette make rules for carrying
out the purposes of this Act.
Both the bills have provisions which have been made for the collection storage and processing of
personal data. They both impose penalty for the use and processing of data without prior consent of
the person involves. The bills also emphasise on the need to have security of data and the need to
maintain confidentiality and not allow for disclosure without prior consent.
There are no provisions given for the storage of data in the 2014 Bill or for transfer of data for
processing.
The 2014 bill has not looked into Sensitive Personal Information or defined it.
The 2014 bill does not address the processing of data by intelligence agencies.
The 2013 bill addressed the need for a Data Protection Authority separate from Data
Controllers. However, the 2014 bill does not mention any such authority and states that there
can be Data controllers appointed for every State or Union territory to whom any organisation
which is collecting data will have to report to.
The Data Protection Authority in the first case was given the powers of a civil court, to try
offences under the provision. The 2014 bill states that any contravention will be tried
summarily in accordance to the Code of Civil Procedure.
Current status: The Personal Data Protection Bill 2014 was introduced in the Rajya Sabha on the
28th November, 2014. Further, the Personal Data Protection Bill 2013 was never placed before the
parliament for discussion.