The IT Ministry has received more than 400 responses from companies, industry bodies and government departments on the draft personal data protection bill, and will take stock of suggestions before its proposed introduction in Parliament, according to a senior official.
The deadline to submit suggestions on the government’s draft personal data protection bill closed on Wednesday.
An official, who did not wish to be named, said the IT Ministry will start systematically analysing and crystallising the responses now, following which, it will further consult related stakeholders and certain ministries like Law and Justice.
The official said some of the responses talk of how the language of the draft bill can be tightened to avoid its multiple interpretation in the future, and added that some suggestions were around the costs surrounding mandatory localisation or storage of data, that the bill proposes.
Data localisation
Many global industry bodies have contended that data localisation proposed in the draft bill could have “significant negative effects” on the ability of companies to do business in India.
The ministry hopes to take stock of all the feedback over the next 1.5 months and give final touches to the draft by November-end, for its subsequent introduction in Parliament.
It suggests steps for safeguarding personal information, defining obligations of data processors as also rights of individuals, while proposing penalties for violation.
The areas covered by the recommendations include consent, what comprises personal data including sensitive personal data, exemptions which can be granted, grounds for processing data, storage restrictions for personal data, individual rights and right to be forgotten.
Misuse of personal information
The draft of Personal Data Protection Bill, 2018 also restricts and imposes conditions on the cross-border transfer of personal data, and suggests setting up of Data Protection Authority of India to prevent any misuse of personal information.
It provides for a penalty of Rs 15 crore or 4 per cent of the total worldwide turnover of any data collection entity, including the state, on violation of personal data processing provisions.
Failure to take prompt action on a data security breach can lead to a penalty of up to Rs 5 crore or 2 per cent of turnover, whichever is higher.
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.