Digital Personal Data Protection Bill: Govt Proposes Fine Of Up To INR 500 Cr For Violations

Must read



Digital Personal Data Protection Bill: Govt Proposes Fine Of Up To INR 500 Cr For Violations

With the government finally releasing the much-awaited draft Digital Personal Data Protection Bill, 2022, on Friday, entities managing data will need to be more cautious about handling users’ data. In case of non-compliance with the provisions of the Bill, a penalty of up to INR 500 Cr may be imposed.

“If the Board determines on conclusion of an inquiry that noncompliance by a person is significant, it may, after giving the person a reasonable opportunity of being heard, impose such financial penalty as specified in Schedule 1, not exceeding rupees five hundred crore in each Instance,” the government said.

The Bill states that the government will form the Data Protection Board of India (Board) to determine non-compliance with provisions of the act and impose penalty.

“The Board may, in the event of a personal data breach, direct the Data Fiduciary to adopt any urgent measures to remedy such personal data breach or mitigate any harm caused to Data Principals,” the government said.

Data Protection Board of India To Decide The Penalty

While every entity handling data needs to comply with orders passed by the Board, an appeal against any order of the Board can be made before the High Court within a period of 60 days from the date of the order appealed against.

If the Board is of the opinion that any complaint may more appropriately be resolved by mediation or other process of dispute resolution, it may direct the concerned parties to attempt resolution of the dispute through mediation by a body or group of persons.

While determining the amount of a financial penalty to be imposed, the Board will focus on various aspects such as the nature, gravity and duration of the non-compliance, the type and nature of the personal data affected by the noncompliance, repetitive nature of the non-compliance, whether the person, as a result of the non-compliance, has realised a gain or avoided any loss, according to the draft.

Moreover, the Board will also consider whether the person took any action to mitigate the effects and consequences of the non-compliance, and the timeliness and effectiveness of that action.

The Board will also look into whether the financial penalty to be imposed is proportionate and effective, and the likely impact of the imposition of the financial penalty on the person.

In case of non-compliance with the provisions of the Bill, a penalty of up to INR 500 Cr may be imposed.

It must be noted that the government withdrew the Personal Data Protection Bill, 2021 in August after 81 amendments were proposed by a joint parliamentary committee (JPC).

“Considering the report of the JPC, a comprehensive legal framework is being worked upon. Hence, in the circumstances, it is proposed to withdraw The Personal Data Protection Bill, 2019 and present a new bill that fits into the comprehensive legal framework,” Minister of Electronics and Information Technology Ashwini Vaishnaw said at that time.

While the Personal Data Protection Bill of 2021 covered processing of personal data, sensitive personal data, and non-personal data, the latest draft bill focuses only on personal data.

Minister of State for Electronics and Technology Rajeev Chandrasekhar recently said in a tweet that India’s upcoming Digital Data Protection Bill will end misuse of data of consumers.

The development comes at a time when the digital economy is rapidly evolving and the Indian government and several other private bodies collect and retain public data. Hence, experts have been calling for a robust data protection law to protect private data of citizens.

The post Digital Personal Data Protection Bill: Govt Proposes Fine Of Up To INR 500 Cr For Violations appeared first on Inc42 Media.



Source link

More articles

- Advertisement -

Startup

- Advertisement -

Latest article