Draft Data Protection Bill proposes six types of penalties
Nov 18, 2022
New Delhi [India], November 18 : The reintroduced draft Digital Personal Data Protection Bill, 2022, has proposed six types of penalties on non-companies to companies. To prevent a personal data breach, a penalty of up to Rs 250 core is being proposed in the draft bill which has been put out for public comments earlier today.
Besides, failure to notify the Board and affected Data Principals in the event of a personal data breach and non-fulfilment of additional obligations in relation to Children may attract Rs penalty up to Rs 200 crore.
Non-fulfilment of additional obligations of Significant Data Fiduciary under the sections 11 and 16 of the Act may attract Rs 150 crore and Rs 10 crore fines, respectively.
Lastly, non-compliance with provisions of this Act other than those listed in (1) to (5) and any rule made thereunder will attract penalties up to Rs 50 crore.
Regarding the transfer of personal data outside India, the Bill said the Central Government may, after an assessment of such factors as it may consider necessary, notify such countries or territories outside India to which a Data Fiduciary may transfer personal data, in accordance with such terms and conditions as may be specified.
In major exemption, the Central Government may, by notification, exempt from the application of provisions of this Act, the processing of personal data by any instrumentality of the State in the interests of sovereignty and integrity of India, security of the State, friendly relations with foreign States, maintenance of public order or preventing incitement to any cognizable offence.
Notably, first time in the legislative history, 'her' and 'she' have been used to denote all genders in the entire draft Bill.
"With the philosophy, the Prime Minister Narendra Modi's government works, we have attempted to use the word 'she' and 'her' in the entire Bill instead of 'him' and 'his'. This is an innovative thing attempted in the bill," Union Minister for Railways, Communications, Electronics and Information Technology Ashwini Vaishnaw said.
Three months after the withdrawal of the Digital Personal Data Protection Bill from the lower house of the Parliament, the central government today came up with a new draft Bill seeking views from the public.
The central government during the recent Monsoon session of Parliament withdrew the Bill from the Lok Sabha several months after it was introduced.
Vaishnaw had earlier said that the Bill was withdrawn because the Joint Parliamentary Committee recommended 81 amendments in a bill of 99 sections.
"Above that it made 12 major recommendations. Therefore, the bill has been withdrawn and a new bill will be presented for public consultation," he had said.
The purpose of this Act, the draft said, is to provide for the processing of digital personal data in a manner that recognizes both the right of individuals to protect their personal data and the need to process personal data for lawful purposes.
The Bill was much needed as the Digital India mission has caused digitization of the Indian economy and transformed the lives of Indian citizens in particular and governance in general.
Presently, there are over 76 crore active digital citizens and over the next coming years this is expected to touch 120 crore (1.2 billion). India is the largest connected democracy in the world and is amongst the highest consumers and producers of data per capita amongst the countries.
The first principle of the proposed Bill is that usage of personal data by organisations must be done in a manner that is lawful, fair to the individuals concerned and transparent.
The second principle of purpose limitation is that the personal data is used for the purposes for which it was collected. The third principle of data minimisation is that only those items of personal data required for attaining a specific purpose must be collected.
Among others, personal data should be limited to such duration as is necessary for the stated purpose for which personal data was collected and reasonable safeguards to ensure that there is no unauthorised collection or processing of personal data are some features.
The government said during the drafting of the Personal Data Protection Bill, 2019 the entire gamut of principles was widely debated and discussed. These include rights of individuals, duties of entities processing personal data and regulatory framework, among others.