Govt Could Also Be Held Liable For Data Breach Under New Data Protection Bill: Report

Govt Could Also Be Held Liable For Data Breach Under New Data Protection Bill: Report

SUMMARY

Bill exempts certain government-notified fiduciaries from sharing information with their respective data owners owing to frivolous applications under RTI

The report said that data transfer and storage in other countries will be done based on mutual agreements

After being in limbo for close to three years now, a rehashed version of the draft Bill was unveiled on November 18 and will be open for public comments till December 17

With the government releasing the Digital Personal Data Protection Bill, the debate about its provisions have intensified. It now appears that even the government could be held liable in the event of a data breach. 

“The Bill is mainly to make those entities accountable that are monetising data. In case of data breach, even the government is not exempted,” a source was quoted as saying by news agency PTI

Citing frivolous applications under the Right to Information (RTI) Act that burden government departments, a source also said that the Bill would exempt certain government-notified fiduciaries from sharing information with their respective data owners.

It is pertinent to note that, under the proposed law, all data fiduciaries are answerable to data owners on information related to data processing under an RTI mandate within the Bill. It also seeks to exempt some entities from sharing information for reasons ranging from national security to the nature and volume of personal data processed.

On the sections within the Bill that allow cross-border data transfers, the source added that data transfer and storage in other countries will be done based on mutual agreement and recognition of each other.

According to the source, the proposed law’s ambit will only be limited to digital data 

After being in limbo for close to three years now, a rehashed version of the draft Bill was unveiled on Friday (November 18). Called the Digital Personal Data Protection Bill 2022, the Bill will be open for public comments till December 17. Post that, the Bill will be tabled in the Parliament, which would likely happen by the next year itself. 

The new Bill defines the word data alongside data fiduciaries and data principals. Apart from that, it has also narrowed the scope of the usage of personal data by companies and mandates data localisation and storage norms. 

It also imposes heavy penalties ranging from INR 50 Cr to INR 500 Cr on those violating the proposed norms. The Bill also proposes establishing an online redressal forum for grievance redressal and enforcement of new norms. 

“The Central Government may by notification, having regard to the volume and nature of personal data processed, notify certain data fiduciaries or class of data fiduciaries as data fiduciary to whom the provisions of Section 6, sub-sections (2) and (6) of section 9, sections 10, 11 and 12 of this Act shall not apply,” noted the Bill while talking about exemptions. 

It is yet to be clear whether social media platforms could avail such exemptions as data fiduciaries. If it goes through, it could also increase compliance burdens on these big tech giants. 

Meanwhile, experts and critics have come out all guns blazing against the new Bill. Former Justice BN Srikrishna, who headed the panel that submitted the first version of the privacy law in 2018, said that parts of the Bill concerning deemed consent clauses are unconstitutional

“This is symbolic of the vague and unchecked powers that the Union government has retained for itself to frame rules at a later stage in the absence of legislative guidance,” added internet advocacy group Internet Freedom Foundation.

Step up your startup journey with BHASKAR! From resources to networking, BHASKAR connects Indian innovators with everything they need to succeed. Join today to access a platform built for innovation, growth, and community.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Govt Could Also Be Held Liable For Data Breach Under New Data Protection Bill: Report-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Govt Could Also Be Held Liable For Data Breach Under New Data Protection Bill: Report-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Govt Could Also Be Held Liable For Data Breach Under New Data Protection Bill: Report-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Govt Could Also Be Held Liable For Data Breach Under New Data Protection Bill: Report-Inc42 Media
Govt Could Also Be Held Liable For Data Breach Under New Data Protection Bill: Report-Inc42 Media
You’re in Good company