Draft Data Protection Bill entails penalty of up to ₹250 cr for privacy breach


Aiming to protect personal data breach, the Indian government released the draft Digital Personal Data Protection Bill 2022 last Friday, which entails the provision of fine of up to ₹250 crore on data-managing entities that fail to adopt reasonable security safeguards.

The draft Bill was put up for stakeholders’ comments by Minister for Electronics and Information Technology, Ashwini Vaishnaw.

One of the main objectives of the bill is to process digital data in a way which recognises both the right of individuals to protect their personal data and the need to process it for lawful purposes and related matters.

Non-compliance with other provisions of the proposed legislation would entail a penalty ranging from ₹10,000 to ₹250 crore, though this would depend on the nature of violation or non-compliance with its provisions, the draft Bill said.

The Bill also envisages setting up of a data protection board of India, which will act as a digital regulator.

“If the board determines at the conclusion of an inquiry that noncompliance by a person is significant, it may, after giving the person a reasonable opportunity of being heard, impose such a financial penalty as specified in Schedule 1, not exceeding ₹500 crore in each instance,” the draft Bill said.

The Telecom Ministry has sought public comments on the draft legislation by December 17.

“Digital Personal Data Protection Bill frames out the rights and duties of the citizen (Digital Nagrik) on one hand and the obligations to use collected data lawfully of the Data Fiduciary on the other hand. The bill is based on the following principles around the Data Economy,” a statement issued by the ministry said.

The Bill will establish the comprehensive legal framework governing digital personal data protection in India. The Bill provides for the processing of digital personal data in a manner that recognises the right of individuals to protect their personal data, societal rights and the need to process personal data for lawful purposes, it added.

“The ministry has invited feedback from the public on the draft Bill. The submissions will not be disclosed and be held in fiduciary capacity, to enable persons submitting feedback to provide the same freely. No public disclosure of the submissions will be made,” official sources said.

On personal data breach, Minister of State for Electronics and Information Technology, Rajeev Chandrasekhar, had tweeted earlier this week that this violates privacy and data protection.

India’s digital data protection bill will put a stop to this and ensure that any platform or intermediary that does this, will face punitive and financial consequences, he had tweeted on November 15.

Earlier, the Government had brought the Data Protection Bill, 2019, which was scrapped amid opposition from political parties and various sections of the society.

The earlier legislation was introduced on December 11, 2018 and then referred to the joint Parliamentary committee for examination.

After the Parliamentary panel’s report was presented to the Lok Sabha in December 2021, the Bill was returned with as many as 81 amendments and in August this year, it was rescinded from the Lok Sabha.

Related posts