Personal data can be processed overseas with 'explicit consent'
New Delhi: The Data Protection Bill which was cleared by the cabinet on Wednesday envisages 'sensitive' personal data to be stored in India but it can be processed outside the country with the explicit consent of the individual concerned.
The personal data will include health records, financial data, sexual orientation, biometrics, genetic data, transgender status, religious or political beliefs or affiliations, news agency IANS reported.
'Critical' personal data, however, is another classified data can only be stored and processed in India and will not leave the country. It has not been defined what will be constituted in the critical personal data yet.
It will be defined by the government at the time of framing regulations.
The Data Protection Bill does not require companies to store and process 'all' personal data in India.
The Bill will let the government request non-personal data from any company for 'planning'. The social media platforms will have to develop a verification mechanism that is voluntary for users but will decrease anonymity.
Companies may face a penalty of up to Rs 15 crore or 4 per cent of global turnover for major violations under the proposed Personal Data Protection law, according to IAN's official source.
In case of major violations, Personal Data Protection Bill proposes penalty of up to Rs 15 crore or 4 per cent of global turnover (whichever is higher). For minor violation, penalty of Rs 5 crore or 2 per cent of global turnover is proposed.
The data privacy law exempts processing of data without consent in case of issues around sovereignty, national security, and court order.