Centre proposes six types of penalties under draft Data Protection Bill

Non-fulfilment of additional obligations of Significant Data Fiduciary under sections 11 and 16 of the Act may attract Rs 150 crore and Rs 10 crore fines, respectively.

Published: 18th November 2022 05:25 PM  |   Last Updated: 19th November 2022 09:12 AM   |  A+A-

data privacy , cyber security

Image for representation

Express News Service

NEW DELHI: Three months after withdrawing the data protection bill following protests from big technology companies, the Centre on Friday released the draft of a new comprehensive law, making some of the provisions even more stringent. 

According to the new proposed law, Digital Personal Data Protection Bill 2022, entities will have to pay as much as Rs 250 crore in case of failure to take reasonable measures to prevent data breach, against Rs 15 crore or 4% of the global turnover of an entity proposed in the previous bill, which was withdrawn in August. 

The new draft, which is open for consultation till December 17, 2022, also proposes to set up a Data Protection Board, which will carry on functions as per the provisions of the Bill. Failure to notify the board of any personal data breach will invite penalties up to Rs 200 crore. Non-fulfilment of additional obligations in relation to children will also attract a similar fine. Also, non-fulfilment of additional obligations of significant data fiduciary will attract penalties up to Rs 150 crore.

The government has made several changes after withdrawing the Personal Data Protection Bill 2019 during the monsoon session of Parliament this year. This is the fourth iteration of the Bill. The government in its explanatory note of the Bill said the purpose of the legislation is to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process personal data for lawful purposes. 

Minister of state for electronics and IT Rajeev Chandrasekhar said the new bill is a modern legislation that will help achieve Prime Narendra Modi’s goal of $1 trillion digital economy. Experts, however, are not impressed. According to the Internet Freedom Foundation, the proposed Data Protection Board lacks autonomy. Also, it “grants vast exemptions to governmental agencies”, it said.

ALSO READ | Govt proposes penalty of up to Rs 500 cr for breach under Data Protection Bill

Heavy fines

Failure of data fiduciary (entity that collects data) or data processor (entity that processes the data — usually a third party) to take reasonable security safeguards to prevent personal data breach: 
Up to `250 crore

Failure to notify in the event of a personal data breach: Up to Rs 200 crore

Non-fulfilment of additional obligations of Significant Data Fiduciary: Up to Rs 150 crore


Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the newindianexpress.com editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on newindianexpress.com are those of the comment writers alone. They do not represent the views or opinions of newindianexpress.com or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. newindianexpress.com reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp