SUMMARY
The note is likely to be presented in the upcoming budget session of the parliament
The ministry tabled the Personal Data Protection Bill 2019 (PDP Bill 2019) in the Lok Sabha in December 2019
A joint committee of parliament analysed the bill and presented a report with its recommendations last month.
The Ministry of Electronics and Information Technology (MeitY) is preparing a note for the cabinet on the proposed Data Protection Bill.
According to government officials who spoke to ET, the ministry is preparing a note that is likely to come up in the cabinet soon and will be presented in the upcoming budget session of the parliament.
The ministry tabled the Personal Data Protection Bill 2019 (PDP Bill 2019) in the Lok Sabha in December 2019. The bill was analysed by an ad-hoc joint committee of parliament (JCP) headed by P.P. Chaudhary, a Bharatiya Janata Party Lok Sabha MP from the Pali constituency in Rajasthan.
After almost two years of deliberation, the committee tabled its report in both houses last month. It made close to 100 recommendations — chief among which include the recommendation to treat social media companies as content publishers if they don’t work as intermediaries and the inclusion of non-personal data into the ambit of the bill.
If social media companies that do not act as intermediaries are treated as content publishers, according to the recommendations made by the JCP, they will become liable for the content they host. This could potentially mean that they would be stripped of the protection that Section 79 in the Information Technology Act, 2000.
In accordance with Section 79, intermediaries (what social media platforms are all considered currently) would not be liable for any third party information, data or communication link made available by them.
The committee’s report also called for non-personal data to be included under the provisions of the bill. According to the committee, it is impossible to distinguish between personal and non-personal data when large amounts of data are collected, processed and transmitted.
The JCP also suggested a 24-month transition period from the date of notification of the Act, which would allow all data aggregators enough time to comply with the new rules under the bill. This could mean that data fiduciaries would only be required to comply with new regulations by 2023.
