In the upcoming Winter Session of the Parliament, the government is set to take up the Personal Data Protection Bill 2019, which was opposed by BJP’s rival parties due to the exemptions it provided to government probe agencies.
It was brought to the Parliament in 2019 and referred to a joint parliamentary committee (JPC) after Opposition uproar and for further scrutiny. The JPC has, after two years of deliberation, adopted the report on the bill.
Congress leader and chief whip of the party in Rajya Sabha Jairam Ramesh was among the four MPs from the Congress besides two MPs from the Trinamool Congress and one from the Biju Janata Dal to submit their dissent notes on the report of the committee, headed by P P Chaudhary.
The JPC has suggested widening the scope of the bill to include data collected by electronic hardware and non-personal data instead of separate legislation on the same. The panel also commented on caveats for social media in this bill.
What is the bill?
The bill seeks to provide for the protection of personal data of individuals and establish a Data Protection Authority for the same. As per the PDP Bill, the Centre can exempt its agencies from the provisions of the Act for protecting national interests and for protecting the security of the state, public order, sovereignty and integrity of India.
Exemption of certain provisions for processing personal data in the interests of prevention, detection, investigation and prosecution of any offence or any other contravention of any law was also provided for in the bill.
Also Read | Ahead of Winter Session of Parliament, govt calls all-party meet on Sunday; PM likely to attend
What was the Opposition’s beef with it?
The Opposition was against granting "unbridled powers" to the Centre to exempt any of its probe agencies, including the Enforcement Directorate (ED) and CBI, from the purview of the entire Act.
Some of the opposing MPs suggested that the government should seek parliamentary approval for allowing exemptions to its agencies from the purview of the Act as a safeguard for ensuring greater accountability, but the same was not accepted.
Data protection and privacy of individuals have been the foremost worries among Opposition in certain provisions of the bill.
What are the JPC’s recommendations?
The JPC has recommended including in the legislation non-personal data, which is any set of data that cannot be used to identify a person, adding that the DPA should handle non-personal data-related issues, according to a report by The Indian Express.
The panel also suggested bringing in legislation to empower the DPA to monitor data handling through electronic hardware like telecom gears in the law. The bill, when introduced in 2019, did not have any provision for this. The panel said this would help in forming a secure framework for hardware equipment against possible breaches, the report added.
The JCP has reportedly also recommended bringing all social media intermediaries under the IT rules under the Bill’s ambit and label them ‘social media platforms’, thereby treating them as publishers and holding them responsible for content on their platforms.
The panel has also said the government should have an increased role in the movement of domestic data outside the country and direct DPA on other issues.
The committee favoured having a wider definition of a consent manager and recommended that the definition of harm should include psychological manipulation that affects the decision-making of an individual.
The committee report has also maintained a penalty clause while fixing the upper limit, sources said.
In case of minor delinquencies, the penalty on data fiduciary will not exceed Rs 5 crore or 2 per cent of total worldwide turnover. For major delinquencies, a penalty shall also be laid down by the Central government but it will not exceed Rs 15 crore or 4 per cent of its total worldwide turnover of the data fiduciary, sources told PTI.
(With agency inputs)