Data Protection Law is finally arriving in India

The personal data protection law is about to happen in India. An insight.

Data Protection Law is finally arriving in India

---

Read more on - Polity | Economy | Schemes | S&T | Environment

---

• The story: The Joint Committee of Parliament that studied the proposed Personal Data Protection Bill has adopted a final set of recommendations. The draft Bill will be tabled in Parliament’s Winter Session.
• Data protection law: Amid the proliferation of computers and the Internet, consumers have been generating a lot of data, which has allowed companies to show them personalised advertisements based on their browsing patterns and other online behaviour. Companies began to store a lot of these datasets without taking the consent of the users, and did not take responsibility when the data leaked. To hold such companies accountable, the government in 2019 tabled the Personal Data Protection Bill for the first time.
• Nature of final draft: A major change in the final draft of the PDP Bill is the push for is to include non-personal data within its ambit, which changes the nature of the Bill from personal data protection to just data protection.

1. The final draft will have sought additional compliance for companies that deal exclusively with children’s data, by asking them to register with the Data Protection Authority — a regulatory body that will have powers to decide on implementing the law’s various provisions.
2. Another aspect is to consider all social media companies as publishers, and to hold them accountable for the content on their platform if they are not acting as intermediaries. It is said to have recommended that no social media company be allowed to operate in India unless the parent company handling the technology sets up an office in India.
3. Other aspects such as setting up of an indigenous architecture, which can be an alternative to the internationally accepted SWIFT payment system, are also in the offing.

• Serious objection: A key suggestion made by the JCP is a relook at the wide-ranging powers for the government such as exempting any agency from application of the law. That will practically mean a legalised Pegasus in the hands of the government, and a destruction of the Right to Privacy on the slightest of pretexts.
• Drafting process: First proposed by the government in 2018, the Bill has been pending for three years. It saw several changes to the original draft drawn by retired Supreme Court Justice B N Srikrishna, who has said that the revised Bill was “a blank cheque to the state”.

1. The Bill, which is said to contain 98 clauses, was referred to the JPC headed by BJP MP Meenakshi Lekhi in December 2019. Lekhi was replaced as chairperson with another BJP MP, P P Chaudhary, earlier this year. The 30-member panel got extensions in March and September 2020 as well as a final extension in February 2021.
2. Officials from the Ministries of IT, Law and Home Affairs, the Unique Identification Authority of India, National Investigation Agency, Narcotics Control Bureau and the Reserve Bank of India, among others, have deposed before the panel.
3. From the private sector, executives from Visa, MasterCard India, Google India, PayTM, Facebook India, Twitter India, Amazon Web Services as well as Amazon India, among others, have made submissions to the panel.
4. Google’s representatives had said India should avoid making data localisation a requirement, which had upset the members of the committee. Paytm, on the other hand, had said data generated in India should be parked here only. Cab aggregators such as Ola and Uber, whose representatives appeared before the JPC earlier this month, have supported data localisation norms.
5. Companies, tech policy groups and even JCP members had also called for reconsideration of the one-size-fits-all approach based on binary age threshold for children, given the vast geographic and cultural diversity of children across the country and their varying maturity levels and needs.
6. As per the 2019 draft, the Data Protection Authority had been entrusted with a wide variety of functions ranging from standard-setting to adjudication, which would end up “overburdening” the architecture. The functional and structural independence of India’s first data regulator is a key aspect considering the crucial role it plays as the mediator between all vested stakeholders that is citizens, businesses and the government themselves.

• EXAM QUESTIONS: (1) What is the requirement for a comprehensive data protection law in India? Explain. (2) What are the areas where the implementation of the proposed PDP law will clash with the right to privacy? Explain.

Read more on - Polity | Economy | Schemes | S&T | Environment

Join UPSC Self Prep course | Online Course (PT Gurukul)  | Covid Special Course | Join PT courses

* Content sourced from free internet sources (publications, PIB site, international sites, etc.). Take your own subscriptions. Copyrights acknowledged.