The government has extended till the month end the deadline for public feedback on the draft personal data protection bill which moots seeking "explicit consent" for processing 'sensitive personal information' like religious or political beliefs, sexual orientation and biometric details.
The government has extended till the month end the deadline for public feedback on the draft personal data protection bill which moots seeking “explicit consent” for processing ‘sensitive personal information’ like religious or political beliefs, sexual orientation and biometric details. It had earlier set September 10 as the deadline for public comments. “This is to inform that the date of feedback submission has been extended till 30 September 2018,” the IT Ministry said in a statement.
In July end, a high-level panel headed by Justice B N Srikrishna submitted its recommendations and the draft bill on data protection to IT Minister Ravi Shankar Prasad. It suggested steps for safeguarding personal information, defining obligations of data processors as also rights of individuals, and proposed penalties for violation.
The areas covered by the recommendations include consent, what comprises personal data including sensitive personal data, exemptions which can be granted, grounds for processing data, storage restrictions for personal data, individual rights and right to be forgotten.
The draft of Personal Data Protection Bill, 2018 restricts and imposes conditions on the cross-border transfer of personal data, and suggests setting up of Data Protection Authority of India to prevent any misuse of personal information. It provides for a penalty of Rs 15 crore or 4 per cent of the total worldwide turnover of any data collection entity, including the state, for violation of personal data processing provisions.
Failure to take prompt action on a data security breach can attract a penalty of up to Rs 5 crore or 2 per cent of turnover, whichever is higher. The Internet and Mobile Association of India (IAMAI) Tuesday had expressed concern on the draft bill, saying certain clauses around data localisation and information processing are “restrictive” and will hurt Indian start-ups. The industry body, which recently organised a stakeholders’ consultation on the document, said Indian start-ups are “likely to be hit hard” by the proposed data protection bill.