India: Closed consultation on Digital Personal Data Protection Bill 2022 including data protection authority governance

On 2 January 2023, the public consultation on the Digital Personal Data Protection (DPDP) Bill 2022, which includes rules expanding data protection authority governance, closed. The Ministry of Electronics and Information Technology (MeitY) extended the deadline for submitting comments from 17 December 2022 to 2 January 2023. The Bill would amend the Information Technology Act of 2000 and the Right to Information Act of 2005 and would apply to data collected online and data collected offline then digitized within Indian territory, as well as data collected outside the country if they show correlations with Indian individuals. The Bill would require the government to create the Data Protection Board of India, which would have enforcement jurisdiction over the provisions of the Bill. This jurisdiction would include the power to make determinations of non-compliance, take appropriate measures, and issue fines. The Bill also establishes a list of maximum penalties for various types of non-compliance, with a maximum penalty of INR 250 crore (2.5 billion) for failure to take appropriate cybersecurity measures.