I&B Ministry
Government announces draft bill on personal data protection; proposes penalty of up to Rs 500 cr
Mumbai: The ministry of electronics and information technology (MeitY) has formulated a draft bill, titled “The Digital Personal Data Protection Bill 2022.” In a press release published on Friday, the ministry invited feedback from the public on the draft bill. According to the statement, the draft is open for public comment till December 17.
As expected to be presented in the next session of parliament, the purpose of the draft bill, as stated in the official statement from the ministry, is to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process personal data for lawful purposes and for matters connected therewith or incidental thereto.
In addition to this, the ministry has further stated that it has raised the penalty amount to up to Rs 500 crore for violating the provisions proposed under the draft bill. The draft bill, released in 2019, proposed a penalty of Rs 15 crore or four per cent of the global turnover of an entity.
The proposed bill comes in place of the Data Protection Bill, which was withdrawn by the ministry in August this year. The draft proposes to set up a Data Protection Board of India, which will carry out functions as per the provisions of the bill.
“The Digital Personal Data Protection Bill”
The Digital Personal Data Protection Bill frames out the rights and duties of the citizen (Digital Nagrik) on the one hand and the obligations to use collected data lawfully of the data fiduciary on the other.
In an explanatory document issued by the MeitY, seven principles around the data economy have been listed on which the bill is based:
The first principle is that organisations must use personal data in a way that is legal, fair to the individuals involved, and transparent to individuals.
The second principle of purpose limitation is that the personal data is used for the purposes for which it was collected.
The third principle of data minimisation is that only those items of personal data required for attaining a specific purpose must be collected.
The fourth principle of accuracy of personal data is that reasonable efforts are made to ensure that the personal data of the individual is accurate and kept up-to-date.
The fifth principle of storage limitation is that personal data is not stored perpetually by default. The storage should be limited to such a duration as is necessary for the stated purpose for which personal data was collected.
The sixth principle requires that reasonable safeguards be put in place to prevent the unauthorised collection or processing of personal data. This is intended to prevent personal data breaches.
The seventh principle is that the person who decides the purpose and means of processing personal data should be accountable for such processing.
These principles have been used as the basis for personal data protection laws in various jurisdictions. The actual implementation of such laws has allowed the emergence of a more nuanced understanding of personal data protection wherein individual rights, public interest, and ease of doing business, especially for startups, are balanced.
Financial penalty:
“If the board determines at the conclusion of an inquiry that non-compliance by a person is significant, it may, after giving the person a reasonable opportunity of being heard, impose such a financial penalty as specified in Schedule 1, not exceeding rupees five hundred crore in each instance,” stated the draft.
Other obligations included are:
The draft bill has proposed a graded penalty system for data fiduciaries that will process the personal data of data owners only in accordance with the provisions of the act.
The same set of penalties will be applicable to the data processor — which will be an entity that processes data on behalf of the data fiduciary.
The draft has proposed a penalty of up to Rs 250 crore in case the data fiduciary or data processor fails to protect against personal data breaches in its possession or under its control.
The draft has also proposed a penalty of Rs 200 crore in case the data fiduciary or data processor fails to inform the board and data owner about the data breach.
Furthermore, in the draft issued by the MeitY, there is a provision to allow entities to transfer the personal data of a citizen outside the country in cases where the processing of personal data is necessary for enforcing any legal right or claim, the performance of any judicial or quasi-judicial function, the investigation or prosecution of any offence, or the data owner is not within the territory of India and has entered into any contract with any person outside the country.
“The central government may, after an assessment of such factors as it may consider necessary, notify such countries or territories outside India to which a data fiduciary may transfer personal data,” it added.
I&B Ministry
CBFC speeds up film certification; average approval time cut to 22 days
Over 71,900 films cleared in five years as digital system shortens approval timelines
MUMBAI: The Central Board of Film Certification (CBFC) has significantly reduced the time taken to certify films, with the average approval timeline now down to 22 working days for feature films and just three days for short films.
Operating under the Ministry of Information and Broadcasting, the statutory body certifies films for public exhibition in line with the Cinematograph Act, 1952 and the Cinematograph (Certification) Rules, 2024. The rules prescribe a maximum certification period of 48 working days, though the adoption of the Online Certification System has sharply accelerated the process.
Over the past five years, from 2020-21 to 2024-25, the board certified a total of 71,963 films across formats. Of these, the majority fell under the U category with 41,817 titles, followed by UA with 28,268 films and A with 1,878 films. No films were certified under the S category during the period.
Film approvals have also steadily risen in recent years. The CBFC cleared 8,299 films in 2020-21, a figure that peaked at 18,070 in 2022-23 before settling at 15,444 films in 2024-25. During the same period, 11,064 films were certified with cuts or modifications.
Despite the high volume of certifications, outright refusals remain rare. Only three films were denied certification over the last five years, with one refusal recorded in 2022-23 and two in 2024-25.
The board may recommend cuts or modifications if a film violates statutory parameters relating to the sovereignty and integrity of India, security of the state, friendly relations with foreign states, public order, decency or morality, defamation, contempt of court or incitement to an offence.
Filmmakers can challenge CBFC decisions in court. Data shows that such disputes remain limited but have seen some fluctuation. Between 2021 and 2025, a total of 21 certification decisions were challenged before High Courts, with the number rising to 10 cases in 2025.
Responding to a question in the Rajya Sabha, minister of state for information and broadcasting L. Murugan shared the data. The question was raised by Mallikarjun Kharge.
With faster timelines and a largely digital workflow, the certification process appears to be moving at a far brisker pace, signalling a shift towards quicker clearances for India’s growing film output.
