Transcription of CHAPTER I PRELIMINARY CHAPTER II DATA PROTECTION …
1 I THE personal DATA PROTECTION BILL, 2018 CHAPTER I PRELIMINARY 1. Short title, extent and commencement.. 1 2. Application of the Act to processing of personal data.. 1 3. Definitions. In this Act, unless the context otherwise requires, .. 2 CHAPTER II DATA PROTECTION OBLIGATIONS 4. Fair and reasonable processing.. 6 5. Purpose limitation.. 6 6. Collection limitation.. 7 7. Lawful processing.. 7 8. Notice.. 7 9. Data quality.. 8 10. Data storage limitation.. 8 11. Accountability.. 9 CHAPTER III GROUNDS FOR PROCESSING OF personal DATA 12. Processing of personal data on the basis of consent.. 9 13. Processing of personal data for functions of the State.. 10 14. Processing of personal data in compliance with law or any order of any court or tribunal.
2 10 15. Processing of personal data necessary for prompt action.. 10 16. Processing of personal data necessary for purposes related to employment.. 10 17. Processing of data for reasonable purposes.. 11 CHAPTER IV GROUNDS FOR PROCESSING OF SENSITIVE personal DATA 18. Processing of sensitive personal data based on explicit consent.. 11 19. Processing of sensitive personal data for certain functions of the State.. 12 20. Processing of sensitive personal data in compliance with law or any order of any court or tribunal.. 12 21. Processing of certain categories of sensitive personal data for prompt action.. 12 ii 22. Further categories of sensitive personal data.. 13 CHAPTER V personal AND SENSITIVE personal DATA OF CHILDREN 23.
3 Processing of personal data and sensitive personal data of children.. 13 CHAPTER VI DATA PRINCIPAL RIGHTS 24. Right to confirmation and access.. 14 25. Right to correction, etc.. 14 26. Right to Data Portability.. 15 27. Right to Be Forgotten.. 16 28. General conditions for the exercise of rights in this CHAPTER .. 16 CHAPTER VII TRANSPARENCY AND ACCOUNTABILITY MEASURES 29. Privacy by Design.. 17 30. Transparency.. 18 31. Security Safeguards.. 18 32. personal Data Breach.. 18 33. Data PROTECTION Impact Assessment.. 19 34. Record-Keeping.. 20 35. Data Audits.. 20 36. Data PROTECTION Officer.. 21 37. Processing by entities other than data fiduciaries.. 22 38. Classification of data fiduciaries as significant data fiduciaries.
4 22 39. Grievance Redressal.. 23 CHAPTER VIII TRANSFER OF personal DATA OUTSIDE INDIA 40. Restrictions on Cross-Border Transfer of personal Data.. 23 41. Conditions for Cross-Border Transfer of personal Data.. 24 CHAPTER IX EXEMPTIONS 42. Security of the State.. 25 43. Prevention, detection, investigation and prosecution of contraventions of law.. 25 iii 44. Processing for the purpose of legal proceedings.. 26 45. Research, archiving or statistical purposes.. 27 46. personal or domestic purposes.. 27 47. Journalistic purposes.. 28 48. Manual processing by small entities.. 28 CHAPTER X DATA PROTECTION AUTHORITY OF INDIA 49. Establishment and incorporation of Authority.. 29 50. Composition and qualifications for appointment of members.
5 29 51. Terms and conditions of appointment.. 30 52. Removal of members.. 30 53. Powers of the chairperson.. 31 54. Meetings of the Authority.. 31 55. Vacancies, etc. not to invalidate proceedings of the Authority.. 31 56. Officers and Employees of the Authority.. 31 57. Grants by Central Government.. 32 58. Accounts and Audit .. 32 59. Furnishing of returns, etc. to Central Government.. 32 60. Powers and Functions of the Authority.. 33 61. Codes of Practice.. 35 62. Power of Authority to issue directions.. 36 63. Power of Authority to call for information.. 37 64. Power of Authority to conduct inquiry.. 37 65. Action to be taken by Authority pursuant to an inquiry.. 38 66. Search and Seizure.
6 39 67. Coordination between the Authority and other regulators or authorities.. 40 68. Appointment of Adjudicating Officer.. 41 CHAPTER XI PENALTIES AND REMEDIES 69. Penalties.. 41 70. Penalty for failure to comply with data principal requests under CHAPTER VI.. 42 71. Penalty for failure to furnish report, returns, information, etc.. 42 iv 72. Penalty for failure to comply with direction or order issued by the Authority.. 43 73. Penalty for contravention where no separate penalty has been provided.. 43 74. Adjudication by Adjudicating Officer.. 43 75. Compensation.. 44 76. Compensation or penalties not to interfere with other punishment.. 45 77. Data PROTECTION Funds.. 45 78. Recovery of Amounts.
7 46 CHAPTER XII APPELLATE TRIBUNAL 79. Establishment of Appellate Tribunal.. 47 80. Qualifications, appointment, term, conditions of service of members.. 48 81. Vacancies.. 48 82. Staff of Appellate Tribunal.. 48 83. Distribution of business amongst benches.. 48 84. Appeals to Appellate Tribunal.. 49 85. Procedure and powers of Appellate Tribunal.. 49 86. Orders passed by Appellate Tribunal to be executable as a decree.. 50 87. Appeal to Supreme Court of India.. 50 88. Right to legal representation.. 50 89. Civil court not to have jurisdiction.. 51 CHAPTER XIII OFFENCES 90. Obtaining, transferring or selling of personal data contrary to the Act.. 51 91. Obtaining, transferring or selling of sensitive personal data contrary to the Act.
8 51 92. Re-identification and processing of de-identified personal data.. 52 93. Offences to be cognizable and non-bailable.. 52 94. Power to investigate offences.. 52 95. Offences by companies.. 52 96. Offences by Central or State Government departments.. 53 CHAPTER XIV TRANSITIONAL PROVISIONS 97. Transitional provisions and commencement.. 54 v CHAPTER XV MISCELLANEOUS 98. Power of Central Government to issue directions in certain circumstances.. 55 99. Members, etc., to be public servants.. 55 100. PROTECTION of action taken in good faith.. 55 101. Exemption from tax on income.. 55 102. Delegation.. 55 103. Power to remove difficulties.. 56 104. Power to exempt certain data processors.. 56 105.
9 No application to non- personal data .. 56 106. Bar on processing certain forms of biometric data .. 56 107. Power to make rules.. 56 108. Power to make regulations.. 58 109. Rules and Regulations to be laid before Parliament.. 59 110. Overriding effect of this Act.. 60 111. Amendment of Act 21 of 2000.. 60 112. Amendment of Act 22 of 2005.. 60 THE FIRST SCHEDULE .. 61 THE SECOND SCHEDULE .. 62 1 THE personal DATA PROTECTION BILL, 2018 WHEREAS the right to privacy is a fundamental right and it is necessary to protect personal data as an essential facet of informational privacy; WHEREAS the growth of the digital economy has meant the use of data as a critical means of communication between persons; WHEREAS it is necessary to create a collective culture that fosters a free and fair digital economy, respecting the informational privacy of individuals, and ensuring empowerment, progress and innovation.
10 AND WHEREAS it is expedient to make provision: toprotect the autonomy of individuals in relation with their personal data, to specify where the flow and usage of personal data is appropriate, to create a relationship of trust between persons and entities processing their personal data, to specify the rights of individuals whose personal data are processed, to create a framework for implementing organisational and technical measures in processing personal data, to lay down norms for cross-border transfer of personal data, to ensure the accountability of entities processing personal data, to provide remedies for unauthorised and harmful processing.
