9.1 C
New Delhi
Saturday, December 14, 2024
HomeTechGovernment to do away with data localisation requirement in new Personal Data...

Government to do away with data localisation requirement in new Personal Data Protection Bill draft


The government will propose to allow transfer of data and its storage in “trusted geographies” in the revised draft of the data protection Bill, doing away with the data localisation requirement proposed in the earlier version, people privy to the matter told ET. The government will define which geographies are “trusted” from time to time.


Criminal penalties proposed on employees of companies involved in data breach also will be scrapped in the new draft, which is likely to be released for public consultation this week. Instead, financial penalties of as much as Rs 200 crore, multiplied by the number of users impacted, will be imposed per breach, an official said. A Data Protection Board will be set up to “adjudicate the consequences of any data breaches” and decide on the penalty, this official added.

The Personal Data Protection (PDP) Bill — the draft of which was withdrawn in August after five years in the making — is being renamed the Digital Data Protection Bill. The revised draft will also drop provisions to regulate non-personal data and social media.

Some early-stage startups will be exempted from the provisions of the Bill.

“It is a different Bill from the PDP Bill. It deals with digital personal data,” said the official. “It is a qualitatively different approach. It is a much simpler Bill so that it does not become the last word on data protection. It will continue to evolve (with the changing technology).”

Clauses on criminal penalty, non-personal data and social media regulation along with provision on data localisation were among the most contentious clauses in the old draft. The Bill had seen major pushback from large tech companies as well as Indian startups.

Discover the stories of your interest



In August, the government withdrew the older version of the Bill, which had 81 suggestions for amendments and another 12 for other tweaks from a joint parliamentary committee that studied the draft for close to two years.

IT minister Ashwini Vaishnaw had then told ET that the government would bring in a revised version of the draft along with a comprehensive digital legal framework in the country.

The official cited earlier said the revised Bill “has provisions related to the obligations of the fiduciary and the rights of the data principal. There will be a Data Protection Board that will adjudicate the consequences of any data breaches. It will adjudicate any disputes on misuse or breach of data”.

On data localisation, the official said data transfer and storage would be in trusted geographies. This means that the government will, from time to time, say which are the areas that can be trusted or not and wherever there is a “reciprocity” of those geographies with the government of India.

There will be no segregation of data, such as sensitive, critical or personal, as per the revised draft. The earlier definition “made no sense. Personal data is personal data. A breach is a breach, whether it is sensitive or not”, the official added.

The Data Protection Board will decide the penalties for a breach. So, if there are 1,000 people impacted by a very serious breach, the consequence could be as high as Rs 200 crore thousand times, the official said. “Rs 200 crore is the maximum that the Data Protection Board will decide based on the nature of the breach, the type of data that has been breached, and how it affects. That is where this critical, sensitive (type of data), etc., will come into play.”

In case a company does not agree with the penalty imposed by the board, it can appeal the decision in a court of law, the official said.

The Ministry of Electronics and IT is also working on overhauling its two-decade-old Information Technology Act, 2000 and renaming it the Digital India Act. The new legislation is also “around the corner”, said the official, and will take care of regulations relating to new age technologies such as metaverse, etc.

Stay on top of technology and startup news that matters. Subscribe to our daily newsletter for the latest and must-read tech news, delivered straight to your inbox.



Source link

- Advertisment -

YOU MAY ALSO LIKE..

Our Archieves