Members of the Joint Parliamentary Committee (JPC), constituted to deliberate upon the Personal Data Protection Bill, 2019, are reportedly split on several crucial aspects of the proposed legislation, which was introduced in Parliament in December 2019.
Some of the contentious aspects of the bill include the provision allowing the government access to sensitive data of citizens without their consent, data localisation and the absence of judicial participation in selecting the head of the regulatory body.
The 30-member JPC, chaired by Bharatiya Janata Party (BJP) MP Meenakshi Lekhi, has already been given two extensions by Parliament for submitting its report on the bill. The JPC is now required to submit its report on the bill during the second week of this year’s winter session of Parliament.
It is expected that the final bill, after incorporating the suggestions made by the JPC, will be presented in Parliament during next year’s budget session.
The committee has held several consultations with stakeholders, while also questioning Indian consumer internet companies such as Paytm, Ola and Uber, as well as global tech giants such as Twitter, Facebook and Google, among others, on critical aspects of data collection and storage.
According to the Economic Times, which first reported the development, a senior member of the JPC from an opposition party has flagged Section 35 of the bill, which allows the Centre to exempt its agencies from some or all provisions of the bill for national security and public order.
The member suggested that such an exemption should be granted only if it’s necessary, proportionate and when public interest outweighs breaching the right to privacy.
Criticism Of PDP Bill
According to a special report by policy think-tank Observer Research Foundation (ORF), “blanket exemptions and lack of executive or judicial safeguards will fail to meet the standards laid out by the Supreme Court in the KS Puttaswamy v. Union of India case, where it ruled that measures restricting the right to privacy must be backed by law, serve a legitimate aim, be proportionate to the objective of the law, and have procedural safeguards against abuse. Vague grounds that trigger exemptions, absence of procedure in granting exemptions and the lack of independent oversight are major concerns.”
The report also mentioned that usage of terms like ‘national security’, ‘sovereignty’ and ‘territorial integrity’ are bound to be interpreted subjectively and could thus be misused to justify exemptions. A committee of experts under the chairmanship of Justice BN Srikrishna, in its report titled, ‘A Free and Fair Digital Economy, Protecting Privacy, Empowering Indians’, submitted to the Ministry of Electronics and Information Technology (MeitY) in 2018, had noted the importance of ensuring, “the pillars of data protection are not shaken by a vague and nebulous national security exception.”
Why Is Personal Data Protection Important?
As internet penetration spreads across the globe to include more than half of humanity and India accounts for 12% of these 3.8Bn internet users — the concerns around data protection and cybersecurity have also taken place. Today, smart devices powered by fast internet networks are collecting and storing data about every user action and behaviour from song preferences to viewership patterns, to health statistics and much more.
In such a world, the governance of how this data is stored and processed becomes indispensable. Thus, countries around the world have started to pay attention to creating data-related laws and policies.
The PDP Bill will also require startups to revamp their data-related processes and embed privacy within their system architectures. In the past, the Ministry of Electronics and Information Technology (MeitY) has invited all stakeholders who would be impacted by the legislation, to offer their suggestions and comments on the bill.