GS Paper 2:
Topics Covered: Government policies and issues arising out of it.
The government has said that it is studying the inputs received on the draft data protection bill, and will carefully ensure that any legislation in the digital ecosystem will act as an enabler, fuelling the growth momentum.
- On December 16, 2021, the Joint Committee on Personal Data Protection Bill had tabled its report in both the Houses of Parliament, giving its views on various provisions.
Nearly two years after it was constituted on 11 December 2019, the Joint Committee on the Personal Data Protection Bill, 2019, headed by BJP MP P.P. Chaudhary, presented its final report on the upcoming bill in both Houses of Parliament on 16 December.
- Remove the word ‘personal’ from the existing title of ‘Personal Data Protection Bill’. This is intended to reflect that the bill, in order to better ensure privacy, will also be dealing with non-personal data, such as personal data that has been anonymised.
- Amend the section restricting the transfer of personal data outside India to say “sensitive personal data shall not be shared with any foreign government or agency unless such sharing is approved by the central government.
- No social media platform be allowed to operate in India unless its parent company, which controls the technology powering its services, sets up an office in the country.
- It proposes a separate regulatory body to be set up to regulate the media.
- Jail term of up to 3 years, fine of Rs 2 lakh or both if de-identified data is re-identified by any person.
- The word ‘personal’ ought to be dropped from the name of the Bill.
- Central government may exempt any government agency from the legislation only under exceptional circumstances.
How do these recommendations compare with EU regulation?
The JCP recommendations on the Personal Data Protection Bill are in some aspects very similar to global standards such as European Union’s General Data Protection Regulation.
Consent: Users must have informed consent about the way their data is processed so that they can opt in or out.
Breach: Authorities must be notified of a breach within 72 hours of the leak.
Transition period: Two-year transition period for provisions of GDPR to be put in place.
Data fiduciary: Under EU law, a Data fiduciary is any natural or legal person, public authority, agency or body that determines purpose and means of data processing. In India, it also includes NGOs.
The committee has recommended the formation of a Data Protection Authority (DPA):
The Data Protection Authority (DPA) will be dealing with privacy and personal data as well as non-personal data.
Composition of DPA: The Chairperson and the members of the DPA shall be appointed by the Union government based on the recommendation of a selection committee chaired by the Cabinet Secretary.
- Other members of the committee would be the Attorney General of India, the IT and law secretaries.
- Nominated members: An independent expert and a director each from the IIT and the IIM will be nominated by the Centre.
Other Highlights of the Bill:
- The bill proposes to specify the flow and usage of personal data, protect the rights of individuals whose personal data are processed, as it works out the framework for the cross-border transfer, accountability of entities processing data, and moots remedies for unauthorised and harmful processing.
- It also seeks to provide the government with powers to give exemptions to its probe agencies from the provisions of the legislation, a move that has been strongly opposed by the opposition MPs who had filed their dissent notes.
Did you know that the genesis of this Bill lies in the report prepared by a Committee of Experts headed by Justice B.N. Srikrishna? Read this.
- Data protection bill.
- Key Provisions.
- Parliamentary panels.
- Puttaswamy judgment.
- Right to Privacy.
Comment on the controversial provisions of the Personal Data Protection Bill, 2019.
Sources: Indian Express.