The draft bill, renamed as The Digital Personal Data Protection Bill, 2022, has laid out the conditions for collecting data and the consent of the people whose data would be processed.
New Delhi:
The government has raised the penalty amount to up to Rs 500 crore for violating the provisions proposed under the draft Digital Personal Data Protection Bill 2022 issued on Friday.
The draft personal data protection bill in 2019 proposed a penalty of Rs 15 crore or 4 per cent of the global turnover of an entity.
The government released the draft of a new comprehensive data protection bill on Friday, three months after withdrawing a previous bill that had alarmed big technology companies.
The draft proposes to set up a Data Protection Board of India, which will carry on functions as per the provisions of the bill.
”If the Board determines at the conclusion of an inquiry that noncompliance by a person is significant, it may, after giving the person a reasonable opportunity of being heard, impose such a financial penalty as specified in Schedule 1, not exceeding rupees five hundred crore in each instance,” the draft said.
The draft bill, renamed as The Digital Personal Data Protection Bill, 2022, has laid out the conditions for collecting data and the consent of the people whose data would be processed.
Before taking up anybody’s data, a fiduciary must give to them an itemised notice in clear and plain language containing a description of personal data sought and the purpose of the processing of such personal data.
The draft bill allows the central government to appoint an independent ‘Data Protection Board of India’. The board will determine non-compliance with provisions of the bill and also decide on the penalty for non-compliance.
The draft has proposed a graded penalty system for data fiduciary that will process the personal data of data owners only in accordance with the provisions of the Act.
The same set of penalties will be applicable to the Data processor — which will be an entity that will process data on behalf of the Data Fiduciary.
The draft proposes a penalty of up to Rs 250 crore in case the Data Fiduciary or Data Processor fails to protect against personal data breaches in its possession or under its control.
The draft is open for public comment till December 17.
The new data privacy law that will allow companies to transfer users’ personal data to certain countries abroad, the latest regulation that will have an impact on how tech giants such as Facebook and Google operate in the market.
The draft bill comes after the government in August withdrew a 2019 proposal that had alarmed big technology companies by proposing stringent regulations on cross-border data flows.
The government said it could specify countries or territories outside India to which entities managing data can transfer personal data of users.
“Cross-border interactions are a defining characteristic of today’s interconnected world … Personal data may be transferred to certain notified countries and territories,” the government said in a statement.
The Digital Personal Data Protection Bill is open for public consultation, the federal IT minister said on Twitter, without giving a deadline.
Companies including Facebook, Twitter and Google have for years been concerned with many technology sector regulations India, which have also strained relations with the United States in recent years.
The new bill also proposes financial penalties on companies for incident related to data breaches. It also says the federal government would have powers to exempt state agencies from provisions of the bill in the interest of national security.
The new measure, now up for public consultation, is expected to be presented in the next session of parliament.