Intermediaries may face enhanced fines for data retention breaches from 30.11.2023: MEITY notifies implementation date for amendments to IT Act pursuant to Jan Vishwas Act, 2023

Pursuant to the Jan Vishwas (Amendment of Provisions) Act, 2023 (please refer to the e-mails in trail), the Ministry of Electronics and Information Technology (“MEITY”) has appointed 30th November, 2023 as the date on which the amendments pertaining to the Information Technology Act, 2000 (“Act”) will take effect. The Jan Vishwas (Amendment of Provisions) Act, 2023 is geared to implement updated/enhanced monetary fines while doing away with the criminal sanctions associated with non-compliance with provisions under the Information Technology Act, 2000.

Key Highlights:

  1. Presently, failure by intermediaries to preserve and retain data may lead to imprisonment extending up to three years along with fine. This is being revised to eliminate the criminal sanctions and instead impose an enhanced penalty extending up to Rs. Twenty-five lakhs;
  2. Failure to provide documents, returns, or reports to the Controller or Certifying Authority, (as required under the Act or allied Regulations), may result in penalty not exceeding Rs. One lakh and fifty thousand for each instance of non-compliance. Now, the penalty is being revised to Rs. Fifteen lakhs;
  3. Presently non-compliance with the obligation to maintain books of account or records incurs a penalty of up to Rs. Ten thousand for each day of non-compliance. This is being raised/ enhanced to Rs. One lakh for each day such failure persists;
  4. Failure to submit a return or provide information, books, or other documents within a stipulated timeframe under the regulations incurs penalty not exceeding Rs. Five thousand for each day the failure persists. Now, the penalty for non-compliance is being increased to Rs. Fifty thousand;
  5. Section 70-B authorizes the Government to appoint CERT-In (Computer Emergency Response Team) and empowers it to seek information from various entities including service providers, intermediaries, and data centres. Failure to provide information to CERT-In entailed a penalty of one-year imprisonment or a fine of Rs. One lakh. This is now being enhanced with a substantial monetary penalty of Rs. One crore while dispensing with imprisonment;
  6. Presently, non-compliance with Rules or Regulations under the Act, for which no specific penalty is prescribed, is subject to a compensation payment of up to Rs. Twenty-five thousand to the aggrieved party or a fine not exceeding Rs. Twenty-five thousand. Now, two tiers of penalty are being introduced: a penalty not exceeding one lakh rupees and compensation for the affected person. The maximum compensation is set at Rs. ten lakhs for intermediaries, companies, or body corporates, while it is set at Rs. One lakh for any other individual;
  7. Section 72-A of the Act outlines consequences for intermediaries accessing personal information to cause harm or gain without consent. The criminal aspect is being dispensed with and replaced by a penalty of up to Rs. 25 lakhs;
  8. Section 66A of the Act which was previously declared unconstitutional in the Shreya Singhal Case is being omitted;
  9. Section 33 of the IT Act mandates that in the event a certifying authority has its license suspended or revoked, it must relinquish the license immediately. Failure to surrender license is punishable with imprisonment up to six (6) months or a fine up to Rs. 10,000 or both. This penalty will now be decriminalised and be limited to a fine of up to Rs. 5,00,000 lakhs.

 

Source: Ministry of Electronics and Information Technology
