Professional Documents
Culture Documents
News Columns Interviews Law Firms Apprentice Lawyer Legal Jobs हिंदी ಕನ್ನ ಡ
News
Digital
Aamir Khan
The revised Digital Personal Data Protection Bill, 2022 released by the Ministry
of Electronics and Information Technology (MeitY) for public consultation has
proposed fines of up to ₹500 crore for non-compliance and has eased cross-
border transfer of data to certain countries.
While India will finally have a data protection legislation to secure the
fundamental right to privacy of its citizens in an ever-increasingly cyber-centric
world, data protection advocates have pointed out a few issues with the
proposed legislation, particularly the powers the executive can assume through
it.
A business-friendly legislation?
Existing laws allow data transfer to other countries, provided the receiving
entity follows the same security requirements provided in Indian laws.
“For a business entity, you have to carry out an assessment of our jurisdiction;
of that entity and then map it against the requirement in your entity. Compare
this to a situation where you have a business in a whitelisted country, you can
send and receive data from, so your life becomes so much easier,” explained
data privacy lawyer and Partner at Khaitan & Co, Supratim Chakraborty.
https://www.barandbench.com/news/upto-500-crore-penalty-for-non-compliance-easy-cross-border-data-transfer-the-new-digital-personal-data-protect… 2/8
11/20/22, 1:39 PM Upto ₹500 crore penalty for non-compliance, easy cross-border data transfer: The new Digital Personal Data Protection Bill, 2022
Supratim Chakraborty
"Recognising this, it has been provided in the Bill that personal data may be
transferred to certain notified countries and territories. An assessment of
relevant factors by Central Government would precede such a notification," the
Bill said.
The draft Bill also stated that the Central government would constitute a Data
Protection Board comprising a government-appointed chief executive and
other members. These officials would, however, face “no suit, prosecution or
other legal proceedings” for anything done in good faith under the provisions of
this law.
The Board would penalise violators for amounts of up to ₹500 crore given the
nature, gravity and duration of the non-compliance of provisions of the
proposed law. If an individual to whom the personal data relates is found in
violation of any of her duties, then a fine of ₹10,000 will be imposed.
Chakraborty said though these numbers are big, there would be certain criteria
for the actual quantum.
“It was important to send out a message that perhaps you cannot go scot-free if
you are large player, and get away with a meagre penalty. The government is
consciously trying to de-criminalise laws so they are not talking about
imprisonment. When there is no imprisonment, there has to be some stick that
you have attach to the law wherein the people actually be scared,” he said.
https://www.barandbench.com/news/upto-500-crore-penalty-for-non-compliance-easy-cross-border-data-transfer-the-new-digital-personal-data-protect… 3/8
11/20/22, 1:39 PM Upto ₹500 crore penalty for non-compliance, easy cross-border data transfer: The new Digital Personal Data Protection Bill, 2022
Among the various functions, the Board would initiate inquires by acting on
complaints of individuals or references made to it by the Central or state
governments. The Bill states that no civil court would have any jurisdiction over
any appeal arising out of its orders under the proposed law.
An appeal against any order of the Board shall lie to the High
Court
Data Protection Bill
“An appeal against any order of the Board shall lie to the High Court. Every
appeal made under this section shall be preferred within a period of sixty days
from the date of the order appealed against,” it said.
According to the draft Bill, the Central government, “in the interest of security
and integrity of India,” would exempt State agencies from the provisions of the
Bill.
“Acknowledging national and public interest is at times greater than the interest
of an individual, a clear grounds-based description of exemptions has been
incorporated in the Bill,” said an explanatory note on the Bill.
On August 3, 2022, a previous version of the Bill was withdrawn from Parliament
by the Central government after considering the report of the Joint
Parliamentary Committee.
The new proposed law requires consent of the individual for the processing of
personal data and the individual can withdraw the consent at any point in time
except in situations of public interest, compliance of judicial orders, and other
situations where it would be considered deemed consent.
https://www.barandbench.com/news/upto-500-crore-penalty-for-non-compliance-easy-cross-border-data-transfer-the-new-digital-personal-data-protect… 4/8
11/20/22, 1:39 PM Upto ₹500 crore penalty for non-compliance, easy cross-border data transfer: The new Digital Personal Data Protection Bill, 2022
s tuat o s w e e t wou d be co s de ed dee ed co se t.
The Bill also disallows processing of personal data of children, reasoning that
the same could cause harm to a child.
Some have, however, raised concerns over the powers proposed to be given to
the executive in terms of framing rules under the legislation.
Digital rights advocacy group Internet Freedom Foundation tweeted about the
“lack of legislative guidance” throughout the Bill.
“For the 30 clauses, we have noticed the phrase, ‘as may be prescribed’
mentioned 18 times, often without any legislative guidance. This creates vague,
unguided power for the Union Government to frame rules,” it added.
Read 5 replies
IFF pointed out that the proposed Data Protection Board lacks autonomy and
independence, and would be created and appointed on conditions "as may be
ib d"
https://www.barandbench.com/news/upto-500-crore-penalty-for-non-compliance-easy-cross-border-data-transfer-the-new-digital-personal-data-protect… 5/8
11/20/22, 1:39 PM Upto ₹500 crore penalty for non-compliance, easy cross-border data transfer: The new Digital Personal Data Protection Bill, 2022
prescribed".
Mishi Choudhary
"Rules that the Executive in India has a track record of exploiting to expand its
powers," she pointed out.
Choudhary said that the Bill did not meet the expectations of people protection,
but ensured that the government retained all powers without any checks or
balances.
Attachment
Preview
https://www.barandbench.com/news/upto-500-crore-penalty-for-non-compliance-easy-cross-border-data-transfer-the-new-digital-personal-data-protect… 6/8
11/20/22, 1:39 PM Upto ₹500 crore penalty for non-compliance, easy cross-border data transfer: The new Digital Personal Data Protection Bill, 2022
Attachment
Preview
Related Stories
High Courts flooded with bail petitions because district judges
hesitant to grant bail due to fear of being targeted: CJI DY
Chandrachud
Debayan Roy 4 hours ago
l i h ll f i i i fi hi h
https://www.barandbench.com/news/upto-500-crore-penalty-for-non-compliance-easy-cross-border-data-transfer-the-new-digital-personal-data-protect… 7/8
11/20/22, 1:39 PM Upto ₹500 crore penalty for non-compliance, easy cross-border data transfer: The new Digital Personal Data Protection Bill, 2022
Kerala High Court calls for action against private firm which
offered helicopter service to Sabarimala without permit
Giti Pratap 6 hours ago
News ⌄
Interviews ⌄
Columns ⌄
Others ⌄
Law Firms ⌄
Follow Us
Subscribe
https://www.barandbench.com/news/upto-500-crore-penalty-for-non-compliance-easy-cross-border-data-transfer-the-new-digital-personal-data-protect… 8/8