IT Ministry gets over 400 responses on draft personal data protection bill

PTI New Delhi | Updated on October 11, 2018

The IT Ministry has received more than 400 responses from companies, industry bodies and government departments on the draft personal data protection bill, and will take stock of suggestions before its proposed introduction in Parliament, according to a senior official.

The deadline to submit suggestions on the government’s draft personal data protection bill closed on Wednesday.

An official, who did not wish to be named, said the IT Ministry will start systematically analysing and crystallising the responses now, following which, it will further consult related stakeholders and certain ministries like Law and Justice.

The official said some of the responses talk of how the language of the draft bill can be tightened to avoid its multiple interpretation in the future, and added that some suggestions were around the costs surrounding mandatory localisation or storage of data, that the bill proposes.

Data localisation

Many global industry bodies have contended that data localisation proposed in the draft bill could have “significant negative effects” on the ability of companies to do business in India.

The ministry hopes to take stock of all the feedback over the next 1.5 months and give final touches to the draft by November-end, for its subsequent introduction in Parliament.

It suggests steps for safeguarding personal information, defining obligations of data processors as also rights of individuals, while proposing penalties for violation.

The areas covered by the recommendations include consent, what comprises personal data including sensitive personal data, exemptions which can be granted, grounds for processing data, storage restrictions for personal data, individual rights and right to be forgotten.

Misuse of personal information

The draft of Personal Data Protection Bill, 2018 also restricts and imposes conditions on the cross-border transfer of personal data, and suggests setting up of Data Protection Authority of India to prevent any misuse of personal information.

It provides for a penalty of Rs 15 crore or 4 per cent of the total worldwide turnover of any data collection entity, including the state, on violation of personal data processing provisions.

Failure to take prompt action on a data security breach can lead to a penalty of up to Rs 5 crore or 2 per cent of turnover, whichever is higher.

Published on October 11, 2018

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

This article is closed for comments.
Please Email the Editor

You May Also Like