Cabinet approves Digital Personal Data Bill

Synopsis

The Union Cabinet has approved draft of Digital Personal Data Protection (DPDP) Bill 2023 for tabling it in the upcoming monsoon session of Parliament, an official source said on Wednesday. The bill proposes to levy penalty of up to Rs 250 crore on entities for every instance of violation of norms in the bill.



 

The Union Cabinet on Wednesday approved the Digital Personal Data Protection Bill (DPDP), paving the way for voluntary disclosures of data breaches by companies while also providing an alternate dispute resolution mechanism, senior officials said.

The ministry of electronics and information technology (MEITY) will table the bill in the Parliament in the upcoming monsoon session, they added.


Noting that the “voluntary disclosure mechanism is akin to the plea bargain method, an accepted legal procedure in many countries,” one official cited above said “companies can come forward and (admit) to a breach of any (kind) and pay the necessary penalties.”

This much-awaited draft has done away with most criminal provisions for data breaches present in previous versions. However, it empowers the Data Protection Board (DPB) to levy a penalty of up to Rs 250 crore on organisations found to be in breach. It can also increase such fines to a maximum of Rs 500 crore with requisite cabinet approval. Such increases will not require any amendments to the Law, officials said.

This much-awaited draft has done away with most criminal provisions for data breaches present in previous versions. However, it empowers the Data Protection Board (DPB) to levy a penalty of up to Rs 250 crore on organisations found to be in breach. It can also increase such fines to a maximum of Rs 500 crore with requisite cabinet approval. Such increases will not require any amendments to the Law, officials said.

Pointing out that the proposed DPB will consist mostly of independent industry experts and not government officials, people in the know said the board would function as a "digital office." It will be the second layer of adjudication in all matters related to digital personal privacy and data.


“The grievance redressal cell of companies is the first step. The second will be the DPB and then of course there will be courts and the entire legal system at disposal,” officials said.

The IT ministry has decided to retain the definition for children as anyone under the age of 18 in the face of sustained pushback from industry experts.

“It was necessary to ensure the safety of children online since they are very vulnerable,” officials said
Once the Bill is passed in the Parliament, data principals, can request companies to delete data that was collected before any digital personal data protection regime was in place, including that of children, they added.

credit to:- https://economictimes.indiatimes.com/