Government releases new Digital Personal Data Protection Bill draft; check details

The draught of the Digital Personal Data Protection Bill was posted by the government for public comment on Friday. Stakeholders were asked to submit their comments by December 17th.

The Indian government has presented the drafted Digital Personal Data Bill, 2022. The purpose of this Act is to provide legislation for digital personal data. It acknowledges both the right of individuals to protect their personal data and the necessity to process personal data for authorized purposes.

“Seeking your thoughts on draught Digital Personal Data Protection Bill, 2022,” stated Union Minister for Railways, Communications, Electronics, and Information Technology Ashwini Vaishnaw.

The previous Data Protection Bill was repealed earlier this year during the legislative Monsoon Session. The ministry has drafted this Personal Data Protection Bill, which focuses entirely on legislation governing user data.

Some of the draft’s more prominent features relate upon social media and other internet businesses. According to the Digital Personal Data Bill, after the primary purpose has been accomplished, the business that collects data must cease to store personal data or erase the mechanisms by which the personal data may be connected with specific Data Principals. It further stipulates that the user’s data should not be kept if it is not required for legal or business objectives.

The new Personal Data Protection Act also grants complete authority to the owner of biometric data. Even if an employer requires an employee’s biometric data to track attendance, the employee must expressly consent.

KYC data will get impacted by the new Data Protection Bill. Every time a savings account is opened, a bank must complete the KYC procedure. The data obtained throughout this procedure is likewise subject to the new data protection bill. The bank would be required to keep KYC data for at least six months after the account is closed.

There is also a new set of guidelines for collecting and storing children’s personal data. To access the data, the party requesting it will need the approval of the parents or guardians. Social media businesses must also ensure that children’s data is not being monitored for specific advertising purposes.

Several MPs spoke out against the final report, which was presented in December of last year.


The bill’s contentious provisions include age-gating of material and access for children, as social media firms such as Facebook and Twitter will be required to appoint data guardians, even as platforms dealing with only children’s info will be required to register themselves, and giving the government a wide berth.

The proposed framework may have far-reaching implications for governments, industry players, and social media corporations like Twitter, Facebook, and WhatsApp.