The Digital Personal Data Protection Bill, 2022, was released on Friday, November 18, it is a revised version of an earlier draft law. It enforces hefty penalties for non-compliance with data protection regulations but these penalties are capped and do not fluctuate according to the turnover of the entity.

The bill allows for smoother cross border data flows and offers relief to big tech companies, as well as easy compliance requirements for start ups. However, the legislation provides a near blanket exemption from some of the more stringent requirements to government agencies and reduces the authority of the proposed Data Protection Board which has been mandated to oversee all provisions within the proposed laws.

The Ministry of Electronics and IT said that this bill strikes a delicate balance between global approaches and adhering to Supreme Court rulings on the right to privacy and that too all within reasonable restrictions.

GDPR, EU’s landmark General Data Protection Regulation or GDPR, has substantially influenced legislation in nearly 160 countries.

While comparisons have been drawn with GDPR, the Government of India’s view this version of the Data Protection Bill as only one of the pieces that form part of its larger policy vision for the entire digital economy.

This larger policy includes a comprehensive digital India Act that may eventually replace the existing IT Act, the new data protection Bill that has just been unveiled, and the new telecom Bill that was put in the public domain last month.