34. All sums realised by way of penalties imposed by the Board under this Act, shall be credited to the Consolidated Fund of India.
Please keep in mind that this form is only for feedback and suggestions for improvement. Unfortunately, questions will not be answered.
Section 34 of the Digital Personal Data Protection Act, 2023 (India) addresses how penalty amounts imposed by the Data Protection Board are to be handled. It states that all funds collected through penalties must be credited to the Consolidated Fund of India, rather than retained or used directly by the Board. This provision ensures transparency, accountability, and proper fiscal management of penalty revenues.
All penalty sums imposed by the Data Protection Board under the Act must be remitted into the Consolidated Fund of India. This integrates the collected penalties into the government’s formal financial framework, ensuring that such funds are handled with the same level of scrutiny as other public revenues.
By directing all penalty revenues to the Consolidated Fund, the law ensures that the Board does not financially benefit from imposing fines. This arrangement prevents any perception that penalties might be imposed to generate revenue, thereby maintaining the Board’s impartiality and credibility.
Section 34 aligns with India’s established fiscal governance principles. Similar requirements apply to other regulatory bodies and authorities that collect penalties. Ensuring all regulatory penalties flow into the Consolidated Fund maintains consistency and uniformity across various aspects of government finance.
When penalty amounts enter the Consolidated Fund, they become subject to parliamentary oversight and the standard budgetary process. This enhances transparency, as elected representatives review, allocate, and oversee the use of these funds for public welfare and development.
If the Data Protection Board fines a multinational tech firm INR 100 crore for a severe privacy breach, this amount does not stay with the Board. Instead, it goes into the Consolidated Fund of India. The Board benefits from no direct monetary gain, and the funds can later be appropriated by the government for public projects through due legislative processes.
If the Board imposes several modest penalties—e.g., INR 2 lakh each—on various mid-sized companies, these amounts also accumulate in the Consolidated Fund. Over time, they contribute to government revenue, ensuring all such funds are tracked and used in an accountable manner.
If a Data Principal’s data is leaked and the Board penalizes the responsible Data Fiduciary, the penalty amount still goes to the Consolidated Fund. The individual does not receive direct compensation from this penalty, underscoring the public law nature of these enforcement actions.
Ensuring Integrity and Trust:
By not allowing the Board to retain penalties, the Act ensures impartial enforcement. The
Board’s decisions are guided by compliance and fairness, not financial incentives.
Financial Discipline and Good Governance:
Routing penalties into the Consolidated Fund supports principles of good governance,
making collected sums part of the nation’s formal financial system, subject to oversight
and used for the public good.
No Incentive for Over-Enforcement:
Since the Board gains no direct revenue from penalties, there is no monetary motive to
over-enforce or levy unjustified fines. Enforcement remains centered on upholding data
protection standards.
Section 34 of the DPDP Act, 2023 ensures that penalties serve their intended purpose as deterrents and compliance mechanisms, rather than sources of profit. By channeling all penalty revenues into the Consolidated Fund of India, the provision aligns with established fiscal norms, reinforces oversight, and maintains trust in the impartiality of the data protection enforcement regime.
© 2024 Advocate (Dr.) Prashant Mali