Connect with us

Policy Watch

Digital Personal Data Protection Bill, 2022: Fine Of Rs 500 Crore, Cross Boarder Data Transfer & More, All You Need To Know



Digital Personal Data Protection Bill, 2022: Fine Of Rs 500 Crore, Cross Boarder Data Transfer & More, All You Need To Know

NEW DELHI: Three months after its withdrawal from the Lok Sabha, the Indian government has produced a new draft of the data protection bill.

The revised Digital Personal Data Protection Act of 2022 is anticipated to be introduced during the subsequent legislative session.

The Ministry of Electronics and Information Technology (MeitY) will accept public comments until December 17.


There are 76 billion active Internet users in India, and this figure will continue to rise. The processing of data is essential for a nation to be business-friendly. It should not, however, infringe the right to privacy. This is the purpose of a data protection statute.

Given the amount of time we spend online, such a rule is crucial for all of us.

Act recognizes both the right to privacy and the necessity to process data

According to the bill, the purpose of the act is to “provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process personal data for lawful purposes, and for matters connected with or incidental thereto.”

If the bill passes, it will be known as the Digital Personal Data Protection Act of 2022.

The proposal permits the international sharing of personal data

In a huge victory for IT giants, the draft allows for the international exchange of data to specified countries.

In such instances, the government will notify the country or territory to which an organisation may transmit personal data. The proposal did not identify the nations.

The movement of personal data across international borders with minimal regulation has been a longstanding desire of technology corporations.

The maximum penalty for noncompliance is Rs. 500 core

The government has enhanced the penalty for violating clauses in the revised draft. The maximum fine for failing to implement measures to avoid a data leak is now Rs 250 crore.

If the companies fail to notify the authority and affected users of a data breach, it would be subject to an additional Rs. 200 crore penalties.

There are further penalties, but the total will not exceed 500 rupees.

A firm cannot hold data eternally

The proposal suggests that the data acquired by a corporation should only be used for the intended purpose.

It also states that a company should not preserve data indefinitely and must delete it after the purpose for which it was obtained has been met or when it is no longer required for legal or business purposes.

The bill establishes the Data Protection Board.

The bill establishes the Data Protection Board of India. The board will determine noncompliance with the act’s terms and, if necessary, issue a penalty.

Why was the prior draft retracted?

In 2019, the prior draft was tabled. However, it was withdrawn due to the Joint Parliamentary Committee’s recommendation of 81 modifications to a 91-section measure.

In addition, there were twelve key recommendations. The government concluded that it had no choice but to withdraw the law.

The previous legislation was criticized for favoring government agencies and large enterprises.

Follow on

 Telegram | Facebook | Twitter | LinkedIn | Instagram | YouTube

Continue Reading