Latest News

A 500 Crore Penalty for Data Breach is Proposed by the New Data Protection Bill

Published

on

According to the draught Digital Personal Data Protection (DPDP) Bill, 2022, which was published on Friday, the government increased the penalty amount to up to 500 crore in addition to creating a Data Protection Board of India.

Public comments on the drought may be made until December 17.

A draught stated, “If the Board determines that a person’s noncompliance is significant at the conclusion of an inquiry, it may impose a financial penalty, not exceeding rupees five hundred crore each time, after giving the person a reasonable chance to be heard.”

This fine amount exceeds what was originally suggested by a draught by a significant margin. The Personal Data Protection Bill drafted from 2019 suggested a fine of 15 crore rupees, or 4% of an entity’s total global revenue.

System of grading penalties.

The draught includes a system of graduated penalties for data fiduciaries who handle data owners’ personal information other than in accordance with the Act’s regulations. If the Data Fiduciary or Data Processor fails to protect the data in its custody, a fine of up to Rs. 250 crore is proposed in the draught.

The data processor—an organization that will handle data processing on behalf of the data fiduciary—will be subject to the same set of sanctions, according to the draft.

In order to make the draught Bill simpler and easier to read, the government has also tried to use straightforward language.

The consent notification that originates from any application or platform must now be provided in one of the Schedule-8 languages of the Constitution, which is just one of the novel ideas that have been tried in this bill. For users to receive the consent notice, that means they will have access to the Indian languages. The second change is that, in keeping with the notion of women’s empowerment, “we have endeavored to use the words She/ Her in the entire Bill, instead of “He/His,” according to Ashwini Vaishnaw, Minister of Communications and Electronics & Information Technology.

He added that the draft Bill incorporates all privacy standards established by the Supreme Court in a number of decisions and based on the experiences of many nations.

Additionally, we made sure that there would be no significant compliance costs for startups and small businesses. Instead, we have worked to create a framework for compliance that is digital by design and will make it simple and easy to implement the Bill, he added.

Some experts, however, claimed that the government neglected numerous important details in its attempt to simplify the most recent form of the Bill.

Details not included

For instance, the word “as may be prescribed” appears throughout the Bill, although these are specifics that do not need to be left up to the Ministry or the Centre to be dictated later.

“Take a look at the world’s most effective data protection laws, where specifics are frequently incorporated into the law itself. There are 30 clauses, and 18 of them require that something be “prescribed” at a later time, so this clause is completely devoid of it. As a result, according to Amber Sinha, Senior Fellow at the Mozilla Foundation, who spoke with Business Line, the Executive (government) has unrestricted power.

However, according to Rajeev Chandrasekhar, Minister of State for Electronics and IT, “DPDP is a modern legislation that is part of a comprehensive framework of laws and rules that include IT rules, the DPDP bill, the National Data Governance Framework Policy, and a new Digital India Act – that will be a global standard policy framework that will catalyze the India TechEd and PM Narendra Modi ji’s goal of a $1 Trillion Digital Economy.

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending

Exit mobile version