Banner
Workflow

Eye on colleges, hospitals, Centre seeks to get in order ahead of data protection rules

Contact Counsellor

Eye on colleges, hospitals, Centre seeks to get in order ahead of data protection rules

  • The data protection Act has an exemption clause for the government and its agencies, however, it is unlikely that it could be used for institutions like colleges and hospitals.

Highlights:

  • The Indian government is facing delays in finalizing and publishing draft rules for the Digital Personal Data Protection Act, 2023, primarily due to concerns about the readiness of public institutions to comply with the new law.

Compliance Concerns with Public Institutions:

  • Government Institutions' Preparedness: Schools, colleges, and hospitals—particularly in remote areas—face challenges in aligning with the new data protection regulations. Many operate with limited technology yet handle substantial personal data.
  • Internal Discussions: Government officials are considering the unique needs of these institutions, and whether they might need extended timelines for compliance.

Digital Personal Data Protection Act, 2023 Overview:

  • Background: Enacted in August 2023, the law requires additional subordinate rules—around 25—to define its operational framework.
  • Exemption Clauses: While government agencies are exempt under certain circumstances, it is unlikely that public colleges and hospitals will receive similar exemptions.

Challenges with Child Data Consent:

  • Consent Mechanism for Minors: The Act mandates that entities collecting data from individuals under 18 must seek parental consent. The government initially considered a standard mechanism but found it challenging to prescribe a uniform approach, opting instead to leave it to companies’ discretion.

Criticisms and Opposition:

  • Pushback from Civil Society and Opposition: Critics argue that the law could weaken the Right to Information (RTI) Act, a point highlighted by NITI Aayog.
  • Exemption Concerns: Section 17(2)(a) of the Act allows government agencies broad exemptions for reasons of national security, public order, and foreign relations. This has raised concerns about potential overreach.

Compliance and Penalties:

  • Consent-Based Data Collection: Companies are required to gather personal data with user consent, except for certain "legitimate uses."
  • Penalties: Failing to implement adequate data protection measures could result in fines up to Rs 250 crore.

Prelims Takeaways

  • Digital Personal Data Protection Act, 2023
  • Right to Information (RT) Act

Categories