0

0

0

0

0

0

0

0

0

Explained: What is the Personal Data Protection Bill; why the dissent notes

Mini

The PDP Bill was introduced in 2019, and has been with the JPC for nearly 2 years. While seeking to protect the personal data of Indians, the bill gives the Centre wide-ranging power to exempt itself, and its agencies, from complying with its provisions.

Explained: What is the Personal Data Protection Bill; why the dissent notes
The Joint Parliamentary Committee (JPC) has adopted the draft report on the Personal Data Protection (PDP) Bill 2019 after two years of deliberations and five extensions. The draft report, alongside the recommendations made by the JPC, is expected to be presented to the Speaker of the Lok Sabha in the upcoming Winter Session.
The bill was introduced by the former minister of electronics and information technology, Ravi Shankar Prasad, in 2019 with the aim to regulate data collection and storage procedures in India.
What is the PDP Bill 2019?
In 2017, the Supreme Court enshrined the right to privacy as a fundamental right within the ambit of the Constitution. The top court had directed the Centre to come up with a data protection framework for the country. An expert panel headed by former Supreme Court judge Justice B.N. Srikrishna was set up by the Ministry of Electronics and Information Technology (MeitY), which recommended the establishment of personal data protection legislation in its report.
The bill was introduced by Prasad in the Parliament, and the JPC was set up to deliberate on the bill, give their recommendations and submit their report to the Parliament.
Provisions of the bill
The bill sets up the regulatory framework necessary to protect the personal data of individuals in India. It sets up three different categories of data -- personal data, sensitive personal data, and critical personal data. Each category of data carries with it separate obligations and regulatory requirements. Indian companies as well as foreign companies dealing with data of Indian citizens will have to comply with the Act.
The bill gives each individual certain rights regarding their data. These rights include seeking confirmation from companies about whether their data has been processed by a certain company, the right to make changes to data collected for correction purposes, and the right to not have their data stored by data fiduciaries, organisations that store and process data, after the withdrawal of consent.
Additionally, the bill seeks to set up the Data Protection Authority, a regulatory body that will ensure compliance with the bill as well as prevent misuse of personal data and act as a tribunal for matters regarding the bill.
Penalties have been set at Rs 15 crore or 4 percent of the annual turnover of the data fiduciary in cases of processing or transferring personal data in violation of the provisions, or five crore or 2 percent of the annual turnover of the fiduciary if the company fails to conduct a data audit.
Objections
The Centre has granted itself wide-ranging power to exempt itself, and its agencies, from complying with the provisions of the bill. The government also has the power to demand non-personal data and anonymised personal data from data fiduciaries for the benefit of various government services.
In the JPC report, Congress MPs Jairam Ramesh and Manish Tewari added their dissent notes pertaining to the wide-ranging exemptions granted to the government from complying with the bill in the name of public interest.
“Section 35 gives unbridled powers to the Centre to exempt any government agency from compliance,” they said, adding that they had proposed an amendment to seek parliamentary sanction before exempting government entities.
What is the need for the bill?
The bill comes on the heels of similar legislation being introduced in other countries that seek to enshrine the right to privacy of citizens in a digital age where companies seek to track every parcel of information of citizens for their own gain. The California Consumer Privacy Act and the General Data Protection Regulation were two of the major pieces of legislation, introduced in California and the European Union that gave citizens the power over their own data.
But while the PDP Bill 2019 hopes to emulate similar levels of success, the exemptions and the power of the government to look through the data has drawn flak from privacy activists.
 
next story