The House panel rules on fines of up to Rs 15 crore for data breaches | India News – Times of India

NEW DELHI: The Joint Parliamentary Committee on Personal Data Protection has reintroduced a recommendation on severe sanctions for serious data breaches in its final report with fines of up to Rs 15 crore or 4% of global turnover, while minor breaches will have a limit of 5 mia. Rs or 2% turnover.
The provision, if it becomes a law, will have a strong deterrent effect on social media giants and top technology companies like Facebook, Instagram, Google, Amazon and Apple. The final report, presented to parliament on Thursday, brought back the sanctions – the provision had been left to the government in the draft report – much in line with the original provisions of the 2019 Data Protection Bill, as well as the EU General Data Protection Regulation (GDPR).
The Joint Parliamentary Committee had seen heated discussions on the proposal to drop the clauses, and the committee chairman and senior BJP leader PP Chaudhary had agreed that sanctions should be reinstated with a cap on the terms of the fine after opposition MPs registered their objections.
Interestingly, the turnaround in the committee comes after the provision had been dropped in the draft report, where the committee had left the issue of penalty quantification in the hands of the state.
“In the Committee’s view, such quantification may not be possible as there are no clear mechanisms for quantifying the ‘worldwide turnover’ of the company and that of its group entities. Also in view of the rapidly changing dynamics of evolving digital technologies, the committee that it would be wise to enable the government to quantify the sanctions, “the panel said in its draft report from November.
The panel members are i.a. Jairam Ramesh, Manish Tewari, Vivek Tankha, and Gaurav Gogoi (from Congress), Derek O’Brien and Mahua Moitra (from the Trinamool Congress), and Amar Patnaik and Bhartruhari Mahtab (from Biju Janata Dal), who had expressed their objections to the specific wording that penalties be abolished. The lack of specificity would have meant relief for internet giants, especially as many of them have been under regulatory scans across the globe due to massive breaches of user information, data breaches, illegal processing and lax supervision.
In the final report, the committee also brought the fine provision back to the highest of 5 billion. Rs, or 2% of global turnover, for certain provisions, including failure to take prompt and appropriate action in response to a data security breach; failure to register with the proposed data protection authority; failure to conduct a data protection impact assessment or perform a data audit; and failure to appoint a data protection officer.
The highest penalty of Rs 15 crore, or 4% of global revenue, comes for violations in the processing of personal data about users and children; non-compliance with security measures; and breaches of personal data transfer outside India.
The reintroduction of sanctions will be a worrying fact for companies such as Facebook and Instagram, which have been under investigation in India for various violations, including a CBI investigation into the Cambridge Analytica episode. The difficulties for companies have only worsened after revelations from former Facebook employee and whistleblower Frances Haugen, who had highlighted the social media giant’s inability to moderate content worldwide as well as in India, and accused the group of prioritizing profits over security.
There have also been allegations of data breaches against Amazon and its handling of data in India.
The panel report says that in case of violations by a state, the sanctions will be limited to Rs 15 crore for serious violations and Rs 5 crore for those of minor nature.


Source link

Leave a Comment