As India’s data protection bill remains under consultation even after a year of Srikrishna Committee’s submission, Ministry of Electronics and Information Technology (MeitY) is now reportedly planning to release a report on the regulation of public data, including data of technology companies such as Uber, Facebook and Amazon.
The ministry’s report is expected to let ministries or regulators decide the nature of data that will come under the purview of data protection bill. This development has come after the reports of MeitY conducting a private round of consultation on the date protection bill with selected respondents from the public consultation.
The second round of consultation included questions such as: Can non-personal data such as data from ecommerce sites and community data be made freely accessible to all? Whether storage of personal data should also be mandated in India?
The responses received for this round of consultation could form the basis for MeitY’s white paper. It can then be opened up for another round of public consultation before a final data protection policy is made, the report added.
Later, Department for Promotion of Industry and Internal Trade had appealed for including ecommerce data under the purview of its data protection bill. However, reports said that the Ministry of Electronics and Information Technology was likely to deny the appeal.
MeitY was expected to take the stand that ecommerce data is community data and hence won’t be governed by DPIIT’s personal data protection bill.
Moreover, an industry association, The Internet & Mobile Association of India (IAMAI) has recently suggested that the governance of health data of citizens should be put under hold till India’s data protection bill is finalised.
What Does The Draft Data Protection Bill Say?
The Draft Personal Data Protection Bill 2018 had defined personal data as any data of a natural person which allows direct or indirect identifiability. Further, sensitive personal data was defined as financial data, biometric data, positive additions such as religious and political beliefs, caste, intersex/transgender status, and official government identifiers like PAN, etc.
To ensure that Indians are not being affected by any global data breach, the government had also proposed data localisation mandate in the bill. This means companies will be mandated to save one copy of all personal data on a local server within India.
Further, critical personal data, as defined by the government, will require to be stored in India alone. At the same time, requirements for cross-border transfer of data are also included in the bill.
Earlier this month, Justice BN Srikrishna, who headed the expert committee that drafted the Personal Data Protection Bill 2019, reportedly said, “A data protection bill is the need of the hour. We have to go beyond the stated intent of data collection to understand the motives and eventual uses to which it can be put.”