The government has raised the penalty amount to up to Rs. 500 crore for violating the provisions proposed under the draft Digital Personal Data Protection Bill 2022 issued on Friday. The draft personal data protection bill in 2019 proposed a penalty of Rs. 15 crore or 4 percent of the global turnover of an entity.
The draft proposes to set up a Data Protection Board of India, which will carry on functions as per the provisions of the bill.
“If the Board determines at the conclusion of an inquiry that noncompliance by a person is significant, it may, after giving the person a reasonable opportunity of being heard, impose such a financial penalty as specified in Schedule 1, not exceeding rupees five hundred crore in each instance,” the draft said.
The draft has proposed a graded penalty system for data fiduciary that will process the personal data of data owners only in accordance with the provisions of the Act.
The same set of penalties will be applicable to the Data processor — which will be an entity that will process data on behalf of the Data Fiduciary.
The draft proposes a penalty of up to Rs. 250 crore in case the Data Fiduciary or Data Processor fails to protect against personal data breaches in its possession or under its control.
The draft is open for public comment till December 17.
Earlier this week, Minister of State for Electronics and IT Rajeev Chandrasekhar said that the proposed data protection bill will put an end to misuse of customer data, and violators will face punitive action under the rule.
The minister was responding to a question on Google’s settlement of an investigation in the US which outlines that the Internet giant misled users and continued tracking their location even after they opted out of the location tracking system. Google has agreed to settle the lawsuit for which it will pay around $392 million (roughly Rs. 3,203 crore), according to a statement issued by the Oregon Department of Justice.