The Union cabinet on Wednesday cleared the Digital Personal Data Protection Bill, which is likely to be tabled in the monsoon session of Parliament beginning July 20.
The bill has kept all the provisions of the last draft that was released for consultation in November, but has now proposed a lower penalty for data breaches, sources said.
A penalty of up to Rs 250 crore will be imposed both on data fiduciaries and data processors for the breach of data in their possession.
They will be fined Rs 200 crore if they fail to inform the owners of the data or the proposed Data Protection Board of the breach, the sources said.
The earlier draft released in November had proposed a much higher penalty of Rs 500 crore on the data fiduciaries, which are the point of collection of data such as an online e-commerce portal.
The sources said government entities have not been granted blanket exemption on data use under the proposed law.
In the November draft, the government hadexempted itself and its agencies from scrutiny even as they had the right to use the data for an indefinite period.
The bill has proposed a Data Protection Board to monitor the provisions of the act. “In case of disputes, Data Protection Board will decide. Citizens will have the right to claim compensation by approaching the civil court. There are a lot of things that will evolve gradually,” the source said.
Individuals have the right to seek details ondata collection, storage and processing of their data.
All online and offline data in India will fall under its legal domain.
Personal data can be processed under this bill only if an individual has consented to it. There are some exceptions when the government might need data on grounds of national security and law and order, the sources said.
Entities collecting data under the bill will have to secure it and later delete the data after use.
“It is hoped that the bill does not leave a lot of provisions to be codified through rules and provides a good picture of what can be expected of the long-awaited privacy law,” Anupam Shukla, partner, Pioneer Legal, said.
Avisha Gupta, partner, Luthra and Luthra Law Offices India, said: “While a copy of the cabinet approved Bill is not yet released, some key areas of interest to the industry would be permissibility of cross border data transfers, role and powers of the digital protection board, conflict with other overlapping sectoral laws and potential penalties.”
Mathew Chacko, partner, Spice Route Legal, said: “We are cautiously optimistic that given the extensive consultations, the government would have addressed the concerns around grounds of processing and the issues that extensive powers of interception could cause for Europe-India data transfers.”
