₹250 crore per instance for data breaches, which can be raised up to ₹500 crore by the Data Protection Board that will be constituted as an appellate body. The penalties will be decided on a case-to-case basis, depending on the severity, extent of harm or loss, scale and number of people impacted by the breach, and the clauses that have been specified in the bill. The bill is likely to be presented in the upcoming monsoon session of Parliament.
“The board will comprise mainly of professionals, as many as possible. It will be an independent body, and its powers will be specified in the law. It will recommend the penalties, which can go up to ₹250 crore.
If it recommends above that level up to ₹500 crore, the Cabinet has to be apprised and it has to be presented in Parliament, but for anything beyond ₹500 crore, the law will have to be amended. It will not be an arithmetic calculation, and this is a field which is rapidly evolving," one of the two people said on condition of anonymity. The government intends to have a simple rule book for the implementation of the law for easier and faster compliance and hence has kept a short time frame for the rules and regulations to be executed.
“Plans have been made in advance on how it will be rolled out. It will be digital by design," the person added. The bill will mention special circumstances, such as a pandemic, law enforcement requirements, protection of IP rights within employment, golden hour for medical treatment and natural disasters, under which deemed consent will not be sought from users by government agencies.
Read more on livemint.com