The revamped version of the Data Protection Bill may impose a penalty of around Rs 200 crore on companies dealing in the personal data of consumers for failing to take reasonable safeguards to prevent data breaches, Indian Express reported. The earlier version of the Bill proposed a penalty of Rs 15 crore or 4 percent of the company’s annual turnover for violation of the law.
The fine will be imposed by the Data Protection Board, an adjudicating body that will be set up to enforce the provisions of the Bill. Companies will be given an opportunity of being heard, the report said.
Penalties will depend on the nature of non-compliance by data fiduciaries that handle and process the personal data of individuals.
ALSO READ:
The Data Protection Board could fine a company of around Rs 150 crore for failing to notify people impacted by a data breach. Similarly, companies failing to safeguard children’s personal data could be penalised with a sum of about Rs 100 crore.
Apart from this, data fiduciaries are likely to be asked to stop retaining personal data. These entities will be asked to delete data collected by them after the initial purpose for which it was collected was fulfilled.
“There will also be a strict or purpose limitation of data collected by companies and the time till which they can store it under the new Bill,” Indian Express quoted a senior government official as saying.
The Bill may also propose allowing the transfer of data and its storage in “trusted geographies” as opposed to the data localisation requirement proposed in the earlier version, Economic Times reported. The government will at regular intervals specify which geographies are “trusted”.
The government is expected to finalise and bring out the final draft version of what is being called the ‘Digital Personal Data Protection Bill’ this week. The new Bill is likely to deal with safeguards around personal data only and keep non-personal data out of its ambit. Non-personal data refers to information that does not reveal the identity of an individual.
In August this year, the government withdrew the earlier Personal Data Protection Bill from Parliament after working on it for nearly five years. The move came even after Union IT minister Ashwini Vaishnaw said he hoped to get the Parliament’s approval for the Bill in the monsoon session.
The provision on data localisation and clauses on criminal penalty, social media regulation and non-personal data were some of the most contentious clauses in the old draft. Large tech companies and Indian start-ups had both pushed back the Bill.
The revamped version is expected to carry an explainer and summary similar to the recently published draft Indian Telecommunication Bill, 2022. After extensive consultation, the Bill is likely to be introduced in the Budget session of Parliament next year.
(Edited by : Sudarsanan Mani)
Check out our in-depth Market Coverage, Business News & get real-time Stock Market Updates on CNBC-TV18. Also, Watch our channels CNBC-TV18, CNBC Awaaz and CNBC Bajar Live on-the-go!
Shehnai by Ustad Bismillah Khan's kin, ode to Kashi's celebrities: PM Modi's roadshow to showcase Varanasi's grandeur
May 13, 2024 11:03 AM
Piyush Goyal speaks on '400 paar' target, Maharashtra power play and more | Full text
May 13, 2024 9:00 AM
Why low voter turnout continues to be a serious subject of discussion as Phase-4 voting begins today
May 13, 2024 8:32 AM
Only 12% of candidates in fray in phase 5 are women, says ADR
May 13, 2024 7:15 AM