Government tabled the Digital Personal Data Protection Bill in Lok Sabha amid demands by opposition members that it be refer to a parliamentary panel for scrutiny. While moving the bill, IT Minister Ashwini Vaishnaw reject suggestions that it was a money bill. Ashwini Vaishnaw said it was a “normal bill“.
Many opposition members oppose the bill at the introduction stage, questioning the measure.
Congress leader in Lok Sabha Adhir Ranjan Chowdhury and his party colleagues Manish Tewari and Shashi Tharoor said the issue of Right to Privacy was involve and the government should not rush with the bill.
The Centre had previously introduce the Personal Data Protection Bill 2019 in Parliament.
The Personal Data Protection Bill was sent for consideration to the Joint Committee of Parliament.
The Joint Committee, after consultations, submit a report to the Speaker.
In view of the feedback by stakeholders and various agencies, the Personal Data Protection Bill was withdrawn in August 2022.
On 18th November, 2022, the government publish a new draft Bill, title as the Digital Personal Data Protection Bill 2022, and initiate a public consultation on this draft.
A comprehensive and detail consultation was held on this subject.
21,666 comments were receive from the public and a series of consultations were held with 46 sector organisations, associations and industry bodies.
Comments were also receive from 38 ministries/departments of the Government of India.
The reintroduce draft Digital Personal Data Protection Bill 2022 propose six types of penalties on non-companies to companies.
To prevent a personal data breach, a penalty of up to Rs. 250 crore is being propose in the draft bill which was put out for public comments.
Besides, failure to notify the Board and affected Data Principals in the event of a personal data breach and non-fulfilment of additional obligations in relation to Children may attract a penalty of up to Rs. 200 crore.
Non-fulfilment of additional obligations of Significant Data Fiduciary under sections 11 and 16 of the Act may attract Rs. 150 crore and Rs. 10 crore fines, respectively.
Entities May Face Penalty of Up to Rs. 250 Crore on Failing to Protect Data
Entities misusing or failing to protect digital data users may face penalty of up to Rs. 250 crore, according to the Digital Personal Data Protection Bill 2023 which lays down obligations of entities handling and processing data as well as rights of individuals.
The Digital Personal Data Protection Bill which was introduce in Parliament moots creation of Data Protection Board of India and provides protection to the Centre, the board and its members, on “action taken in good faith“.
The Digital Personal Data Protection Bill has relaxe penalty norms compare to the proposal made in the draft DPDP that was circulate for public consultation in November 2022.
As per Digital Personal Data Protection Bill :
"If the board determines on conclusion of an inquiry that breach of the provisions of this Act or the rules made thereunder by a person is significant, it may, after giving person an opportunity of being heard, impose such monetary penalty specified in the schedule,".
Under the schedule, maximum of Rs. 250 crore and minimum Rs. 50 crore can be impose on entity violating the norms.
According to Bill :
"No suit, prosecution or other legal proceedings shall lie against the central government, the board, its chairperson and any member, officer or employee thereof for anything which is done or intended to be done in good faith under the provisions of this Act or the rules made thereunder,".
Provisions under the bill enable the Centre to block access to content in the interest of general public on getting reference in writing from the board.
Minister of State for electronics and IT Rajeev Chandrasekhar said that the bill after it is pass by Parliament, will protect rights of all citizens, allow innovation economy to expand and permit the government’s lawful and legitimate access in national security and emergencies like pandemics and earthquakes etc.
Rajeev Chandrasekhar said :
“It will take a lot of the concerns and lot of misuse and exploitation that is done by many of these (online) platforms. Puts a break on that once and for all. This is certainly a legislation that will create deep lasting behaviourial change and create high punitive consequences for any or all platforms that misuse or exploit personal data of any Indian citizen,”.
