The joint parliamentary committee on personal data protection has re-introduced a recommendation of charging heavy penalties for serious data violations in its final report with fines up to Rs 150 million, or 4 per cent of global turnover. The penalty for comparatively lesser violations will have a limit of Rs 50 million, or 2 per cent of turnover.
In the final report, the committee also brought back the penalty clause of the higher of Rs 50 million, or 2 per cent of global turnover, for certain provisions, including failure to take prompt and appropriate action in response to a data security breach; failure to register with the proposed data protection authority; failure to undertake a data protection impact assessment or conduct a data audit; and failure to appoint a data protection officer.
The top penalty of the higher of Rs 150 million, or 4 per cent of global turnover, will be applicable for violations in processing of personal data of users and children; failure to adhere to security safeguards; and violations in transfer of personal data outside India.
The provision, if it becomes a law, will act as a strong deterrent for social media giants and top tech companies such as Facebook, Instagram, Google, Amazon, and Apple.
The panel report also noted that in case of violations by a state, the penalties will be capped at Rs 150 million for serious breach and Rs 50 million for those of a lesser nature.
