The panel headed by retired Justice BN Srikrishna has submitted its bill on data protection to the IT Ministry on Friday. The draft bill, titled the Personal Data Protection Bill, 2018, now has to be tabled in Parliament. It will be the basis of a data protection framework that prescribes conditions for how organisations should receive, handle, and process individuals’ personal data in India, along the lines of laws like the EU's General Data Protection Regulation (GDPR). The draft legislation has 15 chapters and lays out a framework for data-protection obligations, grounds for processing of personal and sensitive personal data, data principal rights, provisions to govern the transfer of data outside India and the creation of a data protection authority. LIVE BLOG Key highlights from the bill Personal data has been defined as data which makes an individual directly or indirectly identifiable. The definition does not specifically mention any particular form of data or attribute. The bill excludes anonymized data from the application of this law. Apart from defining personal data the bill labels certain information as sensitive personal data as it existed under SPDI (sensitive personal data and information) Rules of the IT act, this has been expanded to include passwords; financial data; health data; official identifier; sex life; sexual orientation; biometric data; genetic data; transgender status; intersex status; caste or tribe; religious or political belief or affiliation. The law will extend to data fiduciaries or data processors who operate outside the country, if they carry out processing of personal…
