The government will also be held accountable for the data breach, said a government source.
The source said the Bill will only deal with aspects related to digital data, as the Ministry of Electronics and IT has to deal with the digital and cyber sector.
The source said, “The bill is mainly to make accountable those institutions which are monetizing the data. The government is also not exempt in the matter of data breach.
Under the proposed draft of the Digital Personal Data Protection Bill 2022, the government has increased the penalty amount to Rs 500 crore for violating the provisions.
The draft Bill also exempts certain entities notified by the government as entities that decide the manner and purpose of processing personal data from certain compliances.
Several such provisions have been made in the draft Bill to ensure that data processing entities collect data only with the explicit consent of individuals. Also, the data will be used only for the purpose for which it has been collected.
If these units or entities processing data on their behalf violate any of the provisions of the Bill, the draft proposes a fine of up to Rs 500 crore.
The source said that a large number of applications have come under the Right to Information Act, which are unnecessary. Due to this the burden of government departments has increased. Keeping this in mind, institutions notified by the government have been exempted from the RTI clause.
Transfer and storage of data in other countries will be allowed on the basis of mutual agreement and trust, he added.