The data protection bill (DPB), which will be placed before the Parliament in the current Winter session, will have a proper balancing of privacy and protection, said the government.
According to unconfirmed reports, the revised version of the bill may require social media platforms such as Facebook, WhatsApp, Instagram, Twitter and TikTok to offer an identity-verification option. This is a potentially precedent-setting effort to rein in the spread of “fake news”, two sources from the government told Reuters.
If this is true, social media companies have to offer a mechanism for users to prove their identities and display that verification publicly. Offering an identity-verification option may require social media platforms to make a lot of changes in terms of technology stack and policy issues.
The government was earlier said to be mulling bringing Aadhaar into the equation by linking the 12-digit unique ID to social media accounts. But that speculation was denied later.
With an average of 200 Mn to 400 Mn monthly active users, India is the largest market for WhatsApp, TikTok and others. On an average, four out of five smartphone users use WhatsApp.
However, with very little content moderation on these platforms, they have been often blamed for being used for spreading fake news and misinformation, leading to mob lynchings and other internal security issues in India. The Indian government has been attempting to access information about the origin of messages on social media, to help police catch perpetrators of misinformation and rumours.
The Data Protection Bill (DPB) was proposed to the government of India in July 2018 by a nine-member expert committee headed by Justice BN Srikrishna.
According to the draft proposal, hefty penalties on entities that violate the privacy of users will be imposed. It also added that failure to take prompt action on a data security breach can lead to a penalty of up to INR 5 Cr or 2% of turnover, whichever is higher.
The DPB will include data localisation norms which will prevent any global companies to make a data bank outside India, further ensuring that Indian users’ data is unaffected in case of any global data breach.
Earlier, MeitY minister of state Sanjay Dhotre said that the DPB would categorise personal data into three categories: personal data, sensitive personal data, and critical personal data. The proposal is in line with the recommendations made by the Justice BN Srikrishna Committee.