The government holds ultimate rights and powers to seek access to users' data to help formulate policies, showed the Personal Data Protection Bill which was circulated among the Parliament members on Tuesday.
IANS has viewed the Data Protection Bill. The final bill also sees the government back down from its previously strict stance on data localisation.
The relevant section of the bill reads: "Nothing in this Act shall prevent the central government from framing of any policy for the digital economy, including measures for its growth, security, integrity, prevention of misuse, in so far as such policy do not govern personal data. The central government may, in consultation with the authority, direct any data fiduciary or data processor to provide any personal data anonymised or other non-personal data to enable better targeting of delivery of services or formulation of evidence-based policies by the central government, in such manner as may be prescribed".
"Non-personal data" is any data other than personal data.
This may cause trouble for Facebook, Google, Amazon, Flipkart, Uber and others who could be asked to share data for policy formation by the government. The bill will be introduced in Parliament in the current session, but won't be passed as the session concludes on December 13. It will be referred to a for review further.
The Personal Data Protection Bill, which was circulated to the Parliament members on Tuesday, was eagerly awaited by top technology companies as it could affect the way they process, store, and transfer Indian consumers' data and how they will be impacted.
The bill's latest version has a provision empowering the government to ask a company to provide anonymized personal data, as well as other non-personal data, to help target the delivery of government services or formulate policies.
The final bill also seeks social media intermediaries, like Facebook and Twitter, to allow Indian users to "voluntarily verify" their accounts in a manner that can be prescribed in the future. This method of voluntary verification has not been laid out by the bill. It only states that any user who voluntarily verifies his account "shall be provided with such demonstrable and visible mark of verification".
Section 28 of the Bill notes: (3) Every social media intermediary which is notified as a significant data fiduciary under sub-section (4) of section 26 shall enable the users who register their service from India, or use their services in India, to voluntarily verify their accounts in such manner as may be prescribed.(4) Any user who voluntarily verifies his account shall be provided with such demonstrable and visible mark of verification, which shall be visible to all users of the service, in such manner as may be prescribed.
The bill defines "personal data" as information that can help identify a person and has characteristics, traits and any other features of a person's identity. Any other data is non-personal, the bill said, without elaborating.
The bill also said large social media platforms should be required to offer a mechanism for users to prove their identities and display a verification sign publicly, a move that would raise a host of technical issues for companies including Facebook, WhatsApp, and Chinese app TikTok.
"Sensitive personal data", which includes financial and biometric data, could be transferred outside India for processing, but must be stored locally, the bill said.The bill draws its origins from the Justice BN Srikrishna Committee on data privacy, which produced a draft of legislation that was made public in 2018.