PDP Bill emphasizes data management, not protection


The crucial but controversial personal data protection bill (PDP Bill 2019) may have just entered the home stretch before becoming law, but a tricky question now arises: the bill. has he lost his name?

Originally a bill that grew out of a well-intentioned movement to protect the privacy and personal rights of individual citizens on the internet, the remixed version that will eventually go to cabinet, and ultimately, parliament, seems more like a reinvention, where “staff” seems to have been clinically excluded from the equation in favor of data management rather than protection.

“Apart from the exemption[s], the PDP Bill contemplates granting the government broader power to compel the disclosure of information that does not constitute personal data and this power is extended to any government organization engaged in the prevention or detection of criminal activity ”Said Satya Muley, founder of the law firm. Satya Muley & Co and a lawyer at the Supreme Court.

“Such a broad authority can conflict with other fundamental rights in India,” he added.

The irony is blatant. The PDP bill was initially conceptualized from the landmark Supreme Court ruling in 2017 which first recognized the “right to privacy” as a fundamental right. The Supreme Court then ordered the government to develop a framework to govern personal data in order to guarantee citizens’ right to confidentiality of information. This led to a committee headed by Judge Sri Krishna who submitted a comprehensive report recommending strict laws to protect Indian data privacy and the establishment of a data protection authority to govern its implementation, like the European citizen-centric GDPR, or General Data Protection Regulation.

But, the bill that was tabled in parliament during the 2019 winter session took a distinctly different stance, overturning the concept of privacy. It gave government law and order agencies unrestricted access to data, which sparked an uproar among opposition ranks as well as civil society activists. This forced the government to send him to a parliamentary committee, resulting in another two-year delay (and it’s not over).

However, the latest variation of the bill that was approved earlier this week by the joint committee headed by BJP MP PP Chaudhary doesn’t look much different at first glance, sticking to the national security argument. forcing government agencies to tap into personal resources. The data. Seven of the 31 committee members raised objections to various clauses, although, despite this, the bill was allowed to be tabled in parliament, once the JPC and the Green Cabinet reported it.

“The introduction of comprehensive data protection legislation will bring a paradigm shift in how our tech ecosystem is regulated (but) civil society concerns (include) the blanket exemption provided to government and agencies allies by the bill, “Kazim said. Rizvi, who heads technology policy advocacy group The Dialogue.

Muley points out: “The Srikrishna committee report recommended that all policies and controls to protect sensitive information also apply to government agencies. However, the 2019 bill and the current bill recommended by the parliamentary committee proposed an exception allowing government agencies to access any person’s sensitive personal information for state and sovereign purposes.

“The power to access personally sensitive information for reasons of” public order “,” sovereignty “and” state security “threatens to create an unfettered and dangerous exemption,” he said. added.

Concerns stem from the fact that from a law that was supposed to protect the rights and privacy of citizens online, the current draft appears to have watered down most of the provisions in favor of broader government privilege. It goes beyond sensitive personal information online. The plan to use, or even monetize, non-personal and anonymized data for “better targeting of services” is confirmed.

Then there is also the regulator – the powers of the Data Protection Authority seem to have been slowly anchored, at first glance. “The main responsibility for notifying other categories of sensitive personal data earlier was with the authority, but this has now been transferred to the central government in the 2019 version of the bill,” Rizvi pointed out. Even appointments to the committee, which were originally to be made by the judiciary, have now been passed on to the government.

While at some level, the tech powers that be may welcome the relaxation of the law, they would have a tough job ahead of them if the law is passed as it is – some strict provisions for media companies social networks include holding them responsible for content posted on their platforms as “editors” and not as intermediaries. The clause on authenticating each user on social media platforms can also be cumbersome, even downright cumbersome.

But not everyone thinks the new law is a disappointment. “The bill imposes strict responsibility on private actors to report data breaches, appoint a data protection officer, mandatory statements on the transmission of information to third parties, which are part of the benefits of the draft law, “argued Rishi Bhatnagar, President of IET India Future. Technical panel.

The law, which will include the IT law of 2000 which until now governed aspects related to the Internet, also stipulates the local storage of data.

“Sensitive citizen data is secure, stays within national borders… the government is taking the right step to hold companies accountable in the event of discrepancies,” said Kunal Kislay, CEO and Founder of Integration Wizard Solutions. However, the cost of this can be high and burdensome for small businesses and startups, not to mention the training required for compliance.

It remains to be seen whether the union cabinet will speed up the bill for passage in the winter session from a few days away, given that it is sure to spark stormy scenes of debate and dissent. The delay will also cost the average Indian dearly, as Muley pointed out: “Even today India does not have comprehensive legislation for the protection of personal data. We continue to see the widespread collection, misuse of sensitive personal information for marketing, surveillance and other unauthorized purposes without the consent or even the knowledge of the individual.

“There are a lot of hopes attached to the PDP bill,” he added, “there is also urgency.”


Comments are closed.