<p>The government on Friday released the draft Digital Personal Data Protection Bill 2022 on Friday where it proposes to impose a penalty of up to Rs 500 crore for violating its provisions, including breach of personal data.</p>.<p>Though the previous draft personal data protection bill, issued in 2019, had proposed a penalty of Rs 15 crore or 4 per cent of the global turnover of the company, the government said the latest draft has proposed a hefty fine to ensure no breach of personal data.</p>.<p>The proposed legislation will also allow transfer and storage of personal data in some countries, which is likely to bring relief to big tech companies like Google, Amazon and Facebook.</p>.<p><strong>Also Read: <a href="https://www.deccanherald.com/national/data-bill-first-in-india-to-use-she/her-pronouns-for-all-genders-1163724.html" target="_blank">Data Bill first in India to use ‘she/her’ pronouns for all genders</a></strong></p>.<p>The Ministry of Electronics and Information Technology has been working on a revised draft bill after withdrawing the Personal Data Protection Bill 2019 during the monsoon session of Parliament.</p>.<p>The proposed legislation stipulates consent before collecting personal data and provides for stiff penalties as high as Rs 500 crore on persons and companies that fail to prevent data breaches, including accidental disclosures, sharing, altering or destroying personal data. Companies can store data for only specified periods.</p>.<p>It has proposed a graded penalty system for Data Fiduciaries and Data Processors in case of any violation. Data Fiduciaries are entities which process personal data, either by themselves or with the help of Data Processors.</p>.<p>The draft has proposed a penalty of up to Rs 250 crore in case the Data Fiduciary or Data Processor fails to protect against personal data breaches in its possession or under its control.</p>.<p>The draft has also proposed a penalty of up to Rs 200 crore in case Data Fiduciary or Data Processor fails to inform the Board and data owner about data breach.</p>.<p>Besides, the Bill proposes to impose a penalty of Rs 10,000 on individuals providing unverifiable or false information while applying for any document, service, proof of identity or address etc and for registering a false or frivolous complaint with a Data Fiduciary or the Board.</p>.<p>The draft, aimed at protecting digital personal data, seeks to allow transfer of data outside India, and provides for penalties regarding data breaches. It is open for public comment till December 17. The government hopes to table the Bill in the next session of Parliament.</p>.<p><strong>Also Read: <a href="https://www.deccanherald.com/national/data-bill-to-achieve-multiple-objectives-mos-it-1163681.html" target="_blank">Data bill to achieve multiple objectives: MoS IT</a></strong></p>.<p>Commenting on the draft legislation, Ministry of Electronics and Information Technology Ashwini Vaishnaw said, “The bill focuses is on protecting Internet users from all kinds of online harm, and creates a safe and trusted digital ecosystem keeping in mind that India is a digital economy powerhouse today.”</p>.<p>The bill has a provision to allow entities to transfer the personal data of a citizen outside the country in cases where the processing of personal data is necessary for enforcing any legal right or claim, the performance of any judicial or quasi-judicial function, investigation or prosecution of any offence or data if the owner is not within the territory of India and has entered into any contract with any person outside the country.</p>.<p>The draft also gives powers to the Union government to exempt state agencies from provisions of the bill “in the interests of sovereignty and integrity of India” and to maintain public order.</p>.<p>Internet Freedom Foundation (IFF), an NGO, had said that “If the law is not applied to government instrumentalities, data collection and processing in the absence of any data protection standards could result in mass surveillance.”</p>
<p>The government on Friday released the draft Digital Personal Data Protection Bill 2022 on Friday where it proposes to impose a penalty of up to Rs 500 crore for violating its provisions, including breach of personal data.</p>.<p>Though the previous draft personal data protection bill, issued in 2019, had proposed a penalty of Rs 15 crore or 4 per cent of the global turnover of the company, the government said the latest draft has proposed a hefty fine to ensure no breach of personal data.</p>.<p>The proposed legislation will also allow transfer and storage of personal data in some countries, which is likely to bring relief to big tech companies like Google, Amazon and Facebook.</p>.<p><strong>Also Read: <a href="https://www.deccanherald.com/national/data-bill-first-in-india-to-use-she/her-pronouns-for-all-genders-1163724.html" target="_blank">Data Bill first in India to use ‘she/her’ pronouns for all genders</a></strong></p>.<p>The Ministry of Electronics and Information Technology has been working on a revised draft bill after withdrawing the Personal Data Protection Bill 2019 during the monsoon session of Parliament.</p>.<p>The proposed legislation stipulates consent before collecting personal data and provides for stiff penalties as high as Rs 500 crore on persons and companies that fail to prevent data breaches, including accidental disclosures, sharing, altering or destroying personal data. Companies can store data for only specified periods.</p>.<p>It has proposed a graded penalty system for Data Fiduciaries and Data Processors in case of any violation. Data Fiduciaries are entities which process personal data, either by themselves or with the help of Data Processors.</p>.<p>The draft has proposed a penalty of up to Rs 250 crore in case the Data Fiduciary or Data Processor fails to protect against personal data breaches in its possession or under its control.</p>.<p>The draft has also proposed a penalty of up to Rs 200 crore in case Data Fiduciary or Data Processor fails to inform the Board and data owner about data breach.</p>.<p>Besides, the Bill proposes to impose a penalty of Rs 10,000 on individuals providing unverifiable or false information while applying for any document, service, proof of identity or address etc and for registering a false or frivolous complaint with a Data Fiduciary or the Board.</p>.<p>The draft, aimed at protecting digital personal data, seeks to allow transfer of data outside India, and provides for penalties regarding data breaches. It is open for public comment till December 17. The government hopes to table the Bill in the next session of Parliament.</p>.<p><strong>Also Read: <a href="https://www.deccanherald.com/national/data-bill-to-achieve-multiple-objectives-mos-it-1163681.html" target="_blank">Data bill to achieve multiple objectives: MoS IT</a></strong></p>.<p>Commenting on the draft legislation, Ministry of Electronics and Information Technology Ashwini Vaishnaw said, “The bill focuses is on protecting Internet users from all kinds of online harm, and creates a safe and trusted digital ecosystem keeping in mind that India is a digital economy powerhouse today.”</p>.<p>The bill has a provision to allow entities to transfer the personal data of a citizen outside the country in cases where the processing of personal data is necessary for enforcing any legal right or claim, the performance of any judicial or quasi-judicial function, investigation or prosecution of any offence or data if the owner is not within the territory of India and has entered into any contract with any person outside the country.</p>.<p>The draft also gives powers to the Union government to exempt state agencies from provisions of the bill “in the interests of sovereignty and integrity of India” and to maintain public order.</p>.<p>Internet Freedom Foundation (IFF), an NGO, had said that “If the law is not applied to government instrumentalities, data collection and processing in the absence of any data protection standards could result in mass surveillance.”</p>