The Personal Data Protection Bill, 2019, is likely to be tabled in Parliament during the Budget session next year.
The Bill seeks to ensure that personal data of Indian citizens is safeguarded and not stored overseas. The need for the bill has been felt for long. In a data-driven digital economy, where citizens’ data is collected by the government and private companies, it is necessary to ensure that personal data of citizens is protected from malicious actors.
The Personal Data Protection Bill, 2019, was introduced in the Lok Sabha last year and talks about the formation of a data protection authority. Concerns were raised about the bill jeopardising citizens’ right to privacy in the face of “reasonable exceptions”, and hence, the bill was sent to a Joint Parliamentary Committee (JPC) for deliberation.
The JPC, which was supposed to submit its report on the bill during the monsoon session, received an extension last month. The JPC will now submit its report on the bill in the second week of the winter session of Parliament.
A source told PTI that the final bill, after incorporating the suggestions of the JPC, will likely be tabled in Parliament next year.
Why Is Personal Data Protection Important?
As internet penetration spreads across the globe to include more than half of humanity and India accounts for 12% of these 3.8Bn internet users — the concerns around data protection and cybersecurity have also taken place. Today, smart devices powered by fast internet networks are collecting and storing data about every user action and behaviour from song preferences to viewership patterns, to health statistics and much more.
In such a world, the governance of how this data is stored and processed becomes indispensable. Thus, countries around the world have started to pay attention to creating data-related laws and policies.
The PDP Bill will also require startups to revamp their data-related processes and embed privacy within their system architectures. In the past, the Ministry of Electronics and Information Technology (MeitY) has invited all stakeholders who would be impacted by the legislation, to offer their suggestions and comments on the bill.
Criticism Of PDP Bill
Section 35 of the bill gives the Union government the power to issue reasoned orders exempting any government agency from the application of any/all provisions of the bill for reasons listed in the provisions. Further, Section 36 of the bill allows for certain exemptions in complying with the various provisions, in the interest of prevention, detection, investigation and prosecution of any offence.
The two clauses in the bill have been flagged by opposition members and domain experts for expanding the scope of exemptions while diluting important safeguards.
According to a special report by policy think-tank Observer Research Foundation (ORF), “blanket exemptions and lack of executive or judicial safeguards will fail to meet the standards laid out by the Supreme Court in the KS Puttaswamy v. Union of India case, where it ruled that measures restricting the right to privacy must be backed by law, serve a legitimate aim, be proportionate to the objective of the law, and have procedural safeguards against abuse. Vague grounds that trigger exemptions, absence of procedure in granting exemptions and the lack of independent oversight are major concerns.”
The report also mentioned that usage of terms like ‘national security’, ‘sovereignty’ and ‘territorial integrity’ are bound to be interpreted subjectively and could thus be misused to justify exemptions. A committee of experts under the chairmanship of Justice BN Srikrishna, in its report titled, ‘A Free and Fair Digital Economy, Protecting Privacy, Empowering Indians’, submitted to the Ministry of Electronics and Information Technology (MeitY) in 2018, had noted the importance of ensuring, “the pillars of data protection are not shaken by a vague and nebulous national security exception.”