The government is all set to table Personal Data Protection Bill — which proposes to put restriction on use of personal data without explicit consent of citizen — in the current session of Parliament.
As per the proposal, hefty penalties on entities found violating privacy of users will be imposed.
“The Data Protection Bill will be tabled in the current session,” an IT ministry official said.
The draft of Personal Data Protection Bill, 2018 — which is based on the recommendations of the government-constituted high-level panel headed by Justice B N Srikrishna — restricts and imposes conditions on the cross-border transfer of personal data, and suggests setting up of Data Protection Authority of India to prevent any misuse of personal information.
The draft provides for a penalty of ₹15 crore or 4 per cent of the total worldwide turnover of any data collection entity, including the state, for violation of personal data processing provisions.
“The personal data protection bill will empower an ordinary person to have command over his data. This will prohibit companies from misusing data of public which often leads to breach of privacy of individuals. An entity will have to explicitly share the purpose for which it will use data. The new rule will enable to individuals to take action against misuse of their personal data,” Indian Infosec Consortium CEO Jiten Jain said.
According to the draft proposal, failure to take prompt action on a data security breach can attract up to₹ 5 crore or 2 per cent of turnover, whichever is higher, as a penalty.
“The Bill provides that right to privacy is a fundamental right and it is necessary to protect personal data as an essential facet of informational privacy,” the draft said.
It allowed processing of personal data only for the purpose it is collected or for compliance of any law, employment and for any function of Parliament or any state legislature.