The Personal Data Protection Bill of 2019 is scheduled to be tabled in Parliament on March 14. This fresh legislation comprehensively addresses the requirements of the “country’s changing technology landscape”, say people in the know of things.
India’s marquee piece of proposed legislation on data protection — the Personal Data Protection Bill of 2019 — may never see the light of day as the Centre is likely to junk the draft in favour of a completely new privacy Bill.
Recommended ArticlesView All
New Locker Rules — Here's why the RBI has gone overboard
Jan 28, 2023 IST5 Min(s) Read
Meet Padma Shri Awardee Guru K Kalyanasundaram Pillai, the man who is keeping an ancient tradition alive
Jan 27, 2023 IST3 Min(s) Read
This is how the new draft IT rules propose to make online gaming safe
Jan 27, 2023 IST4 Min(s) Read
Rs 11 lakh crore market cap lost in biggest two-day fall in four months
Jan 27, 2023 IST3 Min(s) Read
People familiar with the development have told The Economic Times that the Centre is planning to come up with fresh legislation that comprehensively addresses the requirements of the “country’s changing technology landscape”. They add that certain clauses mentioned in the existing draft of the data protection Bill — which the stakeholders have already flagged — may hurt the country’s booming technology and start-up ecosystem.
Further, as the existing draft of the Bill has been reviewed by a joint committee of Parliament, the Centre can only make a few tweaks in it and cannot change the “problematic” provisions entirely. This is why it’s better to bring a new legislation which is more in sync with present times, according to those in the know of the matter.
Journey of the Personal Data Protection Bill of 2019
In 2017, the idea of introducing a Bill on data protection was mooted.
In 2018, the Srikrishna Committee — led by retired Supreme Court Judge Justice BN Srikrishna — drafted the Data Protection Bill after a year-long consultation with several stakeholders, including the Ministry of Electronics and Information Technology, Reserve Bank of India, Securities and Exchange Board of India, National Payments Corporation of India, Income Tax department, Unique Identification Authority of India, National Association of Software and Service Companies, large social media players, law firms, and others.
In 2019, the central government tabled the Bill in Parliament.
Subsequently, the Bill was sent for review by a joint committee of Parliament.
This panel took two years — amid the pandemic — to study the contours of the legislation.
In November 2021, the panel finally submitted the draft (with revisions) after completing the review process. The Bill was renamed — Personal Data Protection Bill.
The revised Bill is scheduled to be tabled in Parliament on March 14 during the second leg of the Budget session.
Salient features of the Bill
The Bill will regulate both non-personal data and personal data.
Companies processing the personal data of children must register with Data Protection Authorities.
Data fiduciary will be required to ensure transparency and fairness of algorithms and methods for processing personal data.
All social media platforms — which do not act as intermediaries — should be treated as publishers and be held accountable for the content they host. These platforms will be held responsible for the content from unverified accounts on their platforms and will have to set up an office in India if they do not already have one.
Cross-border transfer of data should not be approved if the contract or scheme is against public or state policy.
Despite revisions made to the Bill, the legislation has attracted criticism from both domestic and international stakeholders. A majority of the companies have expressed concern about these provisions — treating social media platforms as publishers, the inclusion of non-personal data, and in-house processing of data, among others.
In fact, a recent study commissioned by the European Data Protection Board flagged the exemptions that the government has sought under Section 35 of the data protection Bill. According to Section 35 of the Bill, any agency under the government will be exempt from any or all provisions of the law.
Besides, Mark Zuckerberg-owned Meta (formerly Facebook), in a filing with the Securities and Exchange Commission (SEC), said India's upcoming privacy legislation that seeks local storage and in-house processing of data may hurt its business. Similar apprehensions over "regulatory hurdles" have been made by Google in its SEC filing as well.
Last year, India added 42 unicorns and as per reports, the government is keen on keeping this momentum going. Therefore, the Centre is giving a second thought before tabling the revised Bill in its current form.
Read Also | Meta may be forced to leave Europe; here's why
(Edited by : Thomas Abraham)