India: Opened consultation on Digital Personal Data Protection Act including data protection authority governance

On 18 November 2022, India's Ministry of Electronics and Information Technology (MeitY) opened a public consultation on its draft of The Digital Personal Data Protection (DPDP) Act, which will close on 2 January 2023. The Ministry of Electronics and Information Technology (MeitY) extended the deadline for submitting comments from 17 December 2022 to 2 January 2023. The Act would amend the Information Technology Act of 2000 and the Right to Information Act of 2005 and would apply to data collected online and data collected offline then digitized within Indian territory, as well as data collected outside the country if they show correlations with Indian individuals. The Act would require the government to create the Data Protection Board of India, which would have enforcement jurisdiction over the provisions of the Act. This jurisdiction would include the power to make determinations of non-compliance, take appropriate measures, and issue fines. The Act also establishes a list of maximum penalties for various types of non-compliance, with a maximum penalty of INR 250 crore (2.5 billion) for failure to take appropriate cybersecurity measures.