Premium
This is an archive article published on November 16, 2022

Data protection Bill revised: Penalty up to Rs 200 crore if firms don’t have safeguards

The government is understood to be close to finalising the revamped Bill, internally being referred to as the ‘Digital Personal Data Protection Bill’, and come out with a final draft version this week.

google-preferred-btn
The Data Protection Board, an adjudicating body proposed to enforce the provisions of the Bill, is likely to be empowered to impose the fine after giving the companies an opportunity of being heard.The Data Protection Board, an adjudicating body proposed to enforce the provisions of the Bill, is likely to be empowered to impose the fine after giving the companies an opportunity of being heard.

Companies dealing in personal data of consumers that fail to take reasonable safeguards to prevent data breaches could end up facing penalties as high as around Rs 200 crore under the revamped version of the Data Protection Bill, The Indian Express has learnt. The Data Protection Board, an adjudicating body proposed to enforce the provisions of the Bill, is likely to be empowered to impose the fine after giving the companies an opportunity of being heard.

Penalties are expected to vary on the basis of the nature of non-compliance by data fiduciaries — entities that handle and process personal data of individuals. Companies failing to notify people impacted by a data breach could be fined around Rs 150 crore, and those failing to safeguard children’s personal data could be fined close to Rs 100 crore. In the previous version of the Bill, withdrawn earlier this year, the penalty proposed on a company for violation of the law was Rs 15 crore or 4 per cent of its annual turnover, whichever is higher.

Also Read | Withdrawal of Personal Data Protection Bill: Who benefits from the delay?

The government is understood to be close to finalising the revamped Bill, internally being referred to as the ‘Digital Personal Data Protection Bill’, and come out with a final draft version this week. The new Bill will only deal with safeguards around personal data and is learnt to have excluded non-personal data from its ambit. Non-personal data essentially means any data which cannot reveal the identity of an individual.

Story continues below this ad
Explained
Allaying fears of consumers

Fines for data misuse prescribed in the previous version of the Bill were not seen as an effective deterrent. The higher penalties being proposed now will prompt entities to build strong safeguards to protect data and enforce fiduciary discipline.

In August, the government withdrew the earlier Personal Data Protection Bill from Parliament after putting in nearly four years and having gone through multiple iterations including deliberations by a Joint Committee of Parliament. It said the government would soon finalise a “comprehensive legal framework” for the online ecosystem. The withdrawal came despite Union IT Minister Ashwini Vaishnaw stating in February 2022 that he hoped to get the Parliament’s nod on the Bill in the monsoon session.

In an interview with The Indian Express in September, Minister of State for Electronics and IT Rajeev Chandrasekhar had said companies would face punitive actions in the nature of financial penalties in the event of misuse of data and data breaches. In a tweet Tuesday, he reiterated this, stating that the upcoming data protection Bill will put an end to misuse of customer data with companies facing financial consequences.

“There will also be a strict or purpose limitation of data collected by companies and the time till which they can store it under the new Bill,” said a senior government official who did not wish to be named. It is learnt data fiduciaries will be required to stop retaining personal data and delete previously collected data after the initial purpose for which it was collected was fulfilled.

The revamped version of the Bill is likely to be released along with an explainer and summary, on the lines of the recently published draft Indian Telecommunication Bill, 2022. The Bill will undergo extensive consultation and will likely be introduced in the Budget session of Parliament next year.

Soumyarendra Barik
Soumyarendra Barik
twitter

Soumyarendra Barik is Special Correspondent with The Indian Express and reports on the intersection of technology, policy and society. With over five years of newsroom experience, he has reported on issues of gig workers’ rights, privacy, India’s prevalent digital divide and a range of other policy interventions that impact big tech companies. He once also tailed a food delivery worker for over 12 hours to quantify the amount of money they make, and the pain they go through while doing so. In his free time, he likes to nerd about watches, Formula 1 and football. ... Read More

© The Indian Express Pvt Ltd
Latest Comment
Post Comment
Read Comments
Advertisement
Top Stories
outside the RJD party office in Patna on Friday. Partners of the alliance filed nomination papers for all 121 seats going to polls in the first phase – the total strength of the Bihar House is 243 – while talks continued to end the deadlock over seats.
Mahagathbandhan fails to seal Bihar seat pact, parties go their own way in first phase
Shah Rukh Khan will be next seen in King
EntertainmentShah Rukh Khan, Salman Khan and Aamir Khan tease possibility of a film together: ‘The script has to be the hero'
America vs India cost of living
TrendingAmerican woman reveals why India offers better lifestyle despite lower incomes: ‘Can afford far more with less money’
Suryakumar Yadav became India's T20I captain after Rohit Sharma's retirement in July last year. (Express Photo by Narendra Vaskar)
SportsSuryakumar Yadav admits fear of losing India T20I captaincy amid Shubman Gill's rise but 'it is the kind that keeps me motivated'
For the first time in history, a genocide was broadcast live, supported by Western powers, while the rest of the world stood helpless, unable even to deliver food, anaesthetics, or painkillers, or to stop starvation and agony.
OpinionPalestinian Ambassador writes: Gaza must not be erased
Express shorts
A court in Antwerp passed the order initiating the formal process of bringing Choksi back to India. But, he still has options to challenge the order passed by the lower court.
Belgian court clears fugitive jeweller Mehul Choksi’s extradition to India
India58 min ago

Mehul Choksi, a fugitive diamantaire wanted in India for a Rs 13,000 crore loan fraud case, has been cleared for extradition by a court in Antwerp, Belgium. The Indian government has assured that Choksi will be held in a specific jail complex and provided with basic amenities if extradited. Choksi's extradition proceedings have advanced in Belgium and he has the option to challenge the order.

View all shorts
Live Blog
Loading Taboola...
Advertisement