The Centre may introduce the Personal Data Protection Bill, 2018 in the coming winter session, a senior official of the Ministry of Electronics and Information Technology said here on Friday. S Gopalakrishnan, Joint Secretary, MEITY, also said the Ministry has appointed a committee headed by the Infosys co-founder Kris Gopalakrishnan to make recommendation on how to handle non-personal data.
“Possibly the Bill will go to the Parliament in this winter session. The draft bill is ready. A Regulator will be appointed a few months after the Bill is passed,” Gopalakrishnan told reporters at an event organsied by Indian School of Business (ISB). The new law will prescribe some penalties and compensations so that people take it seriously, he added.
The draft of Personal Data Protection Bill, 2018 - which is based on the recommendations of the government-constituted high-level panel headed by Justice B N Srikrishna - restricts and imposes conditions on the cross-border transfer of personal data, and suggests setting up of Data Protection Authority of India to prevent any misuse of personal information.
Replying to a query on the RBI’s circular requiring that all “data relating to payment systems” are “stored in a system only in India, the official said the Bill will address that issue also.
“RBI is a financial regulator. As far as the financial matters are concerned RBI will have the last word. So the Bill also provides for localisation of critical data. If RBI says the payment data is critical and it has to be localised, it will also be in harmony with what the data protection law says,” he explained.
He said there were no instances of breach from Aadhar Central Identities Data Repository.