An official source said that government is mulling exempting early stage start-ups from complying with norms under proposed Digital Personal Data Protection bill.
Exception to Reduce the Pressure on Early Stage Start-ups
This exception has been made to reduce the pressure due to compliance burden which can stifle the start-ups in developing their business models.
A source under the condition of anonymity said that “Meity (Ministry of Electronics and Information Technology) is mulling to improve upon the bill to exempt early stage start-ups from the provisions of DPDP (Digital Personal Data Protection) bill. This may be for a limited time period in cases where they may be doing some kind of data modelling etc. to develop their solution”.
When it comes to data collection, data sharing, giving information around data processing, the draft DPDP has proposed exemption only for government notified data fiduciaries and data processing entities.
Privacy of Citizens Taken into Consideration
Last week, Minister of State for Electronics and IT Rajeev Chandrasekhar had said the government will not be able to violate the privacy of citizens under the proposed law as it will get access to personal data only in exceptional circumstances like national security, pandemic and natural disasters.
In case of data breach, minister said the bill does not exempt government or related entities.
When it comes to violation of DPDP rules, the government has issued a draft DPDP bill which proposes a penalty of up to Rs 500 crore.
The bill also proposes to remove a section from the IT Act which provides an option of compensation to individuals impacted by data breach.
The reason behind the removal of compensation clause has been justified in the fact that the government does not want people to misuse the provision of the bill and make a business out of it to earn compensation.
The bill is open for public comments till December 17 and the government is likely to place the draft before Parliament in Budget Session.