*The Indian Government聽 issues the first draft of the country’s Digital Personal Data Protection Bill for public consultation, as it urges聽 stakeholders to submit their contributions on the regulatory instrument by December 17, 2022

Gbenga Kayode | 绿帽献妻

The Indian Government Friday, November 18 released the country’s Digital Personal Data Protection Bill, 2022, which drops non-personal data and social media from its purview.

It is recalled the union government August this year had withdrawn the Personal Data Protection Bill, 2021 after working on it for five years.

The government then resolved that it would replace it with “a comprehensive legal framework.”

绿帽献妻 learnt the country disclosed the Digital Personal Data Protection Bill 2022 was designed to address 鈥渁ll of the contemporary and future challenges of the digital ecosystem”.

The Indian Government also said the released the first draft of the Digital Personal Data Protection Bill for public consultation urged stakeholders to submit their views on it by December 17, 2022.

However, the comments and submissions by stakeholders on the draft data protection bill will not be made public 鈥渢o enable persons submitting feedback to provide the same freely,鈥� agency report stated.

Major changes in new draft bill

In a related development, in the draft of the new data bill, renamed as the Digital Data Protection Bill, would drop provisions seeking to regulate non-personal data and social media, and would allow the storage and transfer of data in 鈥渢rusted鈥� jurisdictions, which would be defined by the government from time to time.

Earlier, report had indicated that the revised draft bill called for stiff financial penalties for organisations that failed to contain data breaches, or inform users and the government about such incidents.

According to the final draft of the bill, any organisation, data fiduciary or processor handling the personal data of users that fails to “take reasonable security safeguards to prevent personal data breach”, faces a fine of up to Rs 200 crore.

It also states if an organisation fails to “notify the [Data Protection Board] and affected data principals (users) in the event of a personal data breach that is likely to result in significant harm to data principals, a penalty of up to Rs 150 crore shall be imposed鈥�.

The bill as well proposes a similar penalty for organisations that don鈥檛 fulfil certain additional obligations in relation to minors.

Kindly Share This Story