Data Protection Bill: Even govt will be held accountable for breach, says source

NEW DELHI: The Digital Personal Data Protection Bill will also hold the government liable in case of a data breach, a government source said on Saturday.

The source said that the bill will only cover aspects around digital data as the Ministry of Electronics and IT's mandate is to deal with digital and cyberspace.

"The bill is mainly to make those entities accountable that are monetising data. In case of a data breach even the government is not exempted," the source said.

The draft Digital Personal Data Protection Bill has exempted certain entities notified as data fiduciaries by the government from various compliances, including sharing details for the purpose of data collection.

The draft has come up with various provisions to ensure data handling entities collect data with the explicit consent of individuals (or data principals) and use it only for the purpose for which it has been collected.

The draft has proposed a penalty of up to Rs 500 crore in case data fiduciaries or entities processing data on their behalf violate any provision of the bill.

"The Central Government may by notification, having regard to the volume and nature of personal data processed, notify certain Data Fiduciaries or class of Data Fiduciaries as Data Fiduciary" to whom the certain provisions of the Act shall not apply, the draft said.

The provisions deal with informing an individual about the purpose for data collection, collection of children's data, risk assessment around public order, and appointment of a data auditor, among others.

The bill proposes to exempt government-notified data fiduciaries from sharing details of data processing with the data owners under the "Right to Information about personal data".

The source said that there have been frivolous applications under the Right to Information Act which overburden government departments and therefore the government-notified entity has been exempted from the RTI clause.

Elaborating on rules to allow data transfer outside India, the source said data transfer and storage in other countries will be done based on mutual agreement and recognition of each other.

NEW DELHI: The Digital Personal Data Protection Bill will also hold the government liable in case of a data breach, a government source said on Saturday. The source said that the bill will only cover aspects around digital data as the Ministry of Electronics and IT's mandate is to deal with digital and cyberspace. "The bill is mainly to make those entities accountable that are monetising data. In case of a data breach even the government is not exempted," the source said. The draft Digital Personal Data Protection Bill has exempted certain entities notified as data fiduciaries by the government from various compliances, including sharing details for the purpose of data collection. The draft has come up with various provisions to ensure data handling entities collect data with the explicit consent of individuals (or data principals) and use it only for the purpose for which it has been collected. The draft has proposed a penalty of up to Rs 500 crore in case data fiduciaries or entities processing data on their behalf violate any provision of the bill. ALSO READ | Govt proposes penalty of up to Rs 500 cr for breach under Data Protection Bill "The Central Government may by notification, having regard to the volume and nature of personal data processed, notify certain Data Fiduciaries or class of Data Fiduciaries as Data Fiduciary" to whom the certain provisions of the Act shall not apply, the draft said. The provisions deal with informing an individual about the purpose for data collection, collection of children's data, risk assessment around public order, and appointment of a data auditor, among others. The bill proposes to exempt government-notified data fiduciaries from sharing details of data processing with the data owners under the "Right to Information about personal data". READ | Centre proposes six types of penalties under draft Data Protection Bill The source said that there have been frivolous applications under the Right to Information Act which overburden government departments and therefore the government-notified entity has been exempted from the RTI clause. Elaborating on rules to allow data transfer outside India, the source said data transfer and storage in other countries will be done based on mutual agreement and recognition of each other.