Govt mulls exempting early-stage startups from data protection bill provisions

The government is mulling exempting early-stage startups from complying with norms under the proposed Digital Personal Data Protection bill, an official source said.

The exemption may be for a limited period to assist startups in developing their business models and to ensure that innovation is not stifled due to compliance burden.

"MeitY (Ministry of Electronics and Information Technology) is mulling to improve upon the bill to exempt early-stage startups from the provisions of DPDP (Digital Personal Data Protection) bill. This may be for a limited time period in cases where they may be doing some kind of data modelling etc to develop their solution," the source, who did not wish to be named, said.

The draft DPDP has proposed an exemption only for government-notified data fiduciaries and data processing entities when it comes to data collection, data sharing, giving information about data processing etc.

Last week, Minister of State for Electronics and IT Rajeev Chandrasekhar said the government will not be able to violate the privacy of citizens under the proposed law as it will get access to personal data only in exceptional circumstances like national security, pandemic and natural disasters.

The minister said the bill does not exempt the government or related entities in case of a data breach. The government has issued a draft DPDP bill which proposes a penalty of up to Rs 500 crore for violation of DPDP rules.

The bill also proposes to remove a section from the IT Act, which provides an option of compensation to individuals impacted by data breaches.

When asked about the reason for removing the compensation clause, the source said the government does not want people to misuse the provision of the bill and make a business out of it to earn compensation.

The bill is open for public comments till December 17 and the government is likely to place the draft before Parliament in Budget Session.