Home / News / India /  Data protection bill: Govt mulls exempting early stage startups from complying with norms

Centre is mulling at exempting early stage startups from complying with norms under the proposed Digital Personal Data Protection bill, news agency PTI has reported citing an official source.

The exemption may be for a limited period to assist startups in developing their business models and to ensure that innovation is not stifled due to compliance burden, it said.

"Meity (Ministry of Electronics and Information Technology) is mulling to improve upon the bill to exempt early stage startups from the provisions of DPDP (Digital Personal Data Protection) bill.

"This may be for a limited time period in cases where they may be doing some kind of data modelling etc to develop their solution," the source, who did not wish to be named, said.

The draft DPDP has proposed exemption only for government notified data fiduciaries and data processing entities when it comes to data collection, data sharing, giving information around data processing etc.

Last week, Minister of State for Electronics and IT Rajeev Chandrasekhar had said the government will not be able to violate the privacy of citizens under the proposed law as it will get access to personal data only in exceptional circumstances like national security, pandemic and natural disasters.

The minister said the bill does not exempt government or related entities in case of data breach. The government has issued a draft DPDP bill which proposes a penalty of up to 500 crore for violation of DPDP rules.

The bill also proposes to remove a section from the IT Act which provides an option of compensation to individuals impacted by data breach.

When asked about the reason for removing the compensation clause, the source said the government does not want people to misuse the provision of the bill and make a business out of it to earn compensation.

Based on six principles of data economy, the government will introduce the Digital Data Protection Bill in the upcoming budget session of the Parliament. Currently, the bill is placed in the public domain for consultations.

The first principle talks about the collection and usage of the personal data of citizens of India. The collection and usage of personal data should be lawful, must be protected from breach and transparency should be maintained.

Second principle of the data economy points towards Purpose and Usage. The data collection exercise must be for a legal purpose and the data should be safely stored till the purpose is served.

Next is data minimisation which says that only relevant data should be collected of individuals and serving the pre-defined purpose should be the only aim.

The fourth principle is regarding Data Protection and Accountability and it says that the data collected should be safely processed and stored in a secure manner with no access to unauthorized persons.

Fifth principle talks about the accuracy of data. The data of individuals stored should be accurate and should be updated with time. The individual should have the authority to inspect/delete/update his data.

The last principle lays down the rules regarding reporting a data breach. In case of a data breach, it should be reported in a fair, transparent, and equitable manner to the Data Protection Boards.

(With inputs from PTI)

Catch all the Business News, Market News, Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.
More Less

Recommended For You

Trending Stocks

Get alerts on WhatsApp
Set Preferences My ReadsWatchlistFeedbackRedeem a Gift CardLogout