The Personal Data Protection Bill, 2019
OBLIGATIONS OF DATA FIDUCIARY
- Prohibition of processing of personal data.
- Limitation on purpose of processing of personal data.
- Limitation on collection of personal data.
- Requirement of notice for collection or processing of personal data.
- Quality of personal data processed.
- Restriction on retention of personal data.
- Accountability of data fiduciary.
- Consent necessary for processing of personal data.
GROUNDS FOR PROCESSING OF PERSONAL DATA WITHOUT CONSENT
- Grounds for processing of personal data without consent in certain cases.
- Processing of personal data necessary for purposes related to employment, etc.
- Processing of personal data for other reasonable purposes.
- Categorisation of personal data as sensitive personal data.
PERSONAL DATA AND SENSITIVE PERSONAL DATA OF CHILDREN
RIGHTS OF DATA PRINCIPAL
- Right to confirmation and access.
- Right to correction and erasure.
- Right to data portability.
- Right to be forgotten.
- General conditions for the exercise of rights in this Chapter.
TRANSPARENCY AND ACCOUNTABILITY MEASURES
- Privacy by design policy.
- Transparency in processing of personal data.
- Security safeguards.
- Reporting of personal data breach.
- Classification of data fiduciaries as significant data fiduciaries.
- Data protection impact assessment.
- Maintenance of records.
- Audit of policies and conduct of processing, etc.
- Data protection officer.
- Processing by entities other than data fiduciaries.
- Grievance redressal by data fiduciary.
RESTRICTION ON TRANSFER OF PERSONAL DATA OUTSIDE INDIA
- Prohibition of processing of sensitive personal data and critical personal data outside India.
- Conditions for transfer of sensitive personal data and critical personal data.
- Power of Central Government to exempt any agency of Government from application of the Act.
- Exemption of certain provisions for certain processing of personal data.
- Power of Central Government to exempt certain data processors.
- Exemption for research, archiving or statistical purposes.
- Exemption for manual processing by small entities.
- Sandbox for encouraging innovation, etc.
DATA PROTECTION AUTHORITY OF INDIA
- Establishment of Authority.
- Composition and qualifications for appointment of Members.
- Terms and conditions of appointment.
- Removal of Chairperson or other Members.
- Powers of Chairperson.
- Meetings of Authority.
- Vacancies, etc., not to invalidate proceedings of Authority.
- Officers and other employees of Authority.
- Powers and functions of Authority.
- Codes of practice.
- Power of Authority to issue directions.
- Power of Authority to call for information.
- Power of Authority to conduct inquiry.
- Action to be taken by Authority pursuant to an inquiry.
- Search and seizure.
- Co-ordination between Authority and other regulators or authorities.
PENALTIES AND COMPENSATION
- Penalties for contravening certain provisions of the Act.
- Penalty for failure to comply with data principal requests under Chapter V.
- Penalty for failure to furnish report, returns, information, etc.
- Penalty for failure to comply with direction or order issued by Authority.
- Penalty for contravention where no separate penalty has been provided.
- Appointment of Adjudicating Officer.
- Procedure for adjudication by Adjudicating Officer.
- Compensation or penalties not to interfere with other punishment.
- Recovery of amounts.
- Establishment of Appellate Tribunal.
- Qualifications, appointment, term, conditions of service of Members.
- Staff of Appellate Tribunal.
- Distribution of business amongst Benches.
- Appeals to Appellate Tribunal.
- Procedure and powers of Appellate Tribunal.
- Orders passed by Appellate Tribunal to be executable as a decree.
- Appeal to Supreme Court.
- Right to legal representation.
- Civil court not to have jurisdiction.
FINANCE, ACCOUNTS AND AUDIT
- Grants by Central Government.
- Data Protection Authority of India Funds.
- Accounts and Audit.
- Furnishing of returns, etc., to Central Government.
- Re-identification and processing of de-identified personal data.
- Offences to be cognizable and non-bailable.
- Offences by companies.
- Offences by State.
- Power of Central Government to issue directions.
- Members, etc., to be public servants.
- Protection of action taken in good faith.
- Exemption from tax on income.
- Act to promote framing of policies for digital economy, etc.
- Bar on processing certain forms of biometric data.
- Power to make rules.
- Power to make regulations.
- Rules and regulations to be laid before Parliament.
- Overriding effect of this Act.
- Power to remove difficulties.
- Amendment of Act 21 of 2000.