Key takeaways The time frame for a data fiduciary to report a data breach to a Data Protection Authority needs to be shortened Compensation due to harm categorised as psychological manipulation will be hard to ascertain The burden is on data principal to establish harm These were some of the key points raised at MediaNama’s 'Decoding India’s Data Protection Bill' event held on January 19 and 20, 2022, wherein Supreme Court advocate Vrinda Bhandari, Executive Director for Center for Internet and Society Amber Sinha, Senior Resident Fellow at Vidhi Center for Legal Policy Lalit Panda, and lawyer Prasanna S, shared their thoughts on the Data Protection Bill 2021 and the Joint Parliamentary Committee (JPC) report on the Bill, both of which were tabled in Parliament in December 2021. https://www.youtube.com/watch?v=wzPPhgCfAc4&t=4577s This discussion was organised with support from Google, Flipkart, Meta, and Star India, and in partnership with ADIF. To support future MediaNama discussions, please let us know here. Why should the burden be on users to establish harm? Prasanna said that under Section 64 or 65 of the bill, the burden is on the data subject to establish harm, loss, or damages. While Section 64 of the bill lays down the procedure for adjudication, which includes imposing penalties by an Adjudicating Officer, Section 65 is about the circumstances under which a data principal may be eligible for compensation. Rights will have to be litigated as one: “This placing of burden, in effect, means that all of the rights here – almost…
