To ask Her Majesty's Government what plans they have, if any, to replicate the provisions in the Republic of India's Data Protection Bill in relation to the state's right to access, control and process personal data obtained by private enterprises.
7 January 2020
The Government has no plans to amend the UK’s Data Protection Act 2018 (DPA) to replicate those provisions contained in the Republic of India’s Personal Data Protection Bill.
The Government takes the protection of personal data and the right to privacy seriously. The DPA sets standards for protecting personal data in accordance with the General Data Protection Regulation (GDPR), and ensures that our laws are fit for the digital age in which an ever increasing amount of data is being processed.
The DPA has various exemptions that disapply a number of obligations on data controllers in certain circumstances, for example, the information required to be disclosed in connection with legal proceedings, crime and taxation. These exemptions do not oblige an organisation to disclose personal information.
All data controllers, including public authorities, are required to comply with the DPA. Organisations that collect and use personal data must do so with an appropriate legal basis and apply exemptions to the rules on a case by case basis.