The Centre could ask firms dealing in personal and non-personal data to get renewed consent from their users every time they change the terms and conditions and update their services, The Economic Times (ET) reported on Tuesday.
Also Read: Data protection bill gets cabinet nod, major provisions likely to be kept
The Centre has mandated that the personal data of a user, also known as data principal, must be processed only for purposes for which the consent has been taken or the consent is ‘deemed’ to have been taken.
According to clauses in the bill, requests for the processing of data should be accompanied by or preceded by “an itemised notice” containing the details of the personal data being collected and how the data can be employed. The data protection Bill states that such notices must be in “clear and plain language”.
The Centre has also proposed that in cases where the personal data of users have been collected before the implementation of the Act, the data fiduciaries should provide users with an “itemised notice in a clear and plain language containing a description of personal data of the data principal collected by the data fiduciary and the purpose for which such personal data has been processed”.
First Published: Jul 25 2023 | 2:24 PM IST