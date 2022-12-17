December 17, 2022 08:08 pm | Updated 08:08 pm IST - NEW DELHI

The Ministry of Electronics and Information Technology has extended the last date for receiving public comments on the Digital Personal Data Protection Bill, 2022, till January 2, 2023. The earlier deadline was December 17.

Under the new draft Bill, the government has recommended penalty for significant non-compliance not exceeding ₹500 crore in each instance. The Board to be constituted under the proposed law will inquire into the nature, gravity and duration of the non-compliance; its type and nature of the personal data affected; repetitive nature of the violation and other related aspects to determine the guilt.

The 2019 Bill had suggested a penalty of ₹15 crore or 4% of the global turnover of the entity involved.

In response to a question in the Lok Sabha, pertaining to the new draft Bill, the government recently said that the draft Bill “sets out the rights and duties of the citizen (Digital Nagrik) and the obligations of the data fiduciary to use the collected data lawfully”.

“As part of the compliance framework, it envisages the setting up of a Data Protection Board of India to determine non-compliance with the provisions of the draft Bill, impose penalty for such non-compliance, and perform such other functions as the Central government may assign to it under the provisions of the draft Bill or any law,” it said.

The government said that currently, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, provided the security practices and procedures that a body corporate or any person collecting, receiving, possessing, storing, dealing or handling information on behalf of the body corporate is required to observe for protecting personal data of users.

“These practices and procedures include the requirements that such body corporate or person publish on the website a policy for privacy and disclosure of personal information, data or information, to use information collected for the purpose for which it has been collected, to keep it secure and to obtain prior permission of the information provider for disclosing personal data,” it added.