The Joint Parliamentary Committee (JPC) on the Personal Data Protection Bill, formed in 2019, presented its report in Rajya Sabha on Thursday paving way for the first data protection law in India. The JPC report recommends wide-ranging changes, including widening the scope of the Bill to include non-personal data and pitches for all social media platforms to be declared ‘publishers’.
India has become one of the biggest internet markets worldwide and so there needs to be clear laws on what’s permissible and what’s not. Congress MP Jairam Ramesh tabled the report in Rajya Sabha which was a result of nearly two years of deliberations.
The 542-page JPC report is the clause-by-clause examination of the Personal Data Protection Bill of 2019 and contains 81 recommendations for modifications and over 150 drafting corrections and improvements in various clauses of the Bill.
According to JPC Chairman PP Chaudhary, the report will have a global impact and far-reaching ramifications for handling and protecting personal and non-personal data in the country. The JPC report also contains seven dissent notes signed by eight Opposition members.Â
Salient features of Personal Data Protection Bill
Promote concepts like consent framework, purpose limitation, storage limitation and data minimisation.
Collect only those personal data that is required for a specific purpose and with the express consent of the individual.
Rights to obtain personal data, correct inaccurate data, erase, update, port the data to other fiduciaries and the right to restrict or prevent the disclosure of personal data.
Personal Data Protection Bill will allow establishing an Authority to be called the ‘Data Protection Authority of India’.
The Authority shall consist of a Chairperson and not more than six whole-time Members to be appointed by the Central Government.
It shall protect the interests of data principals, prevent any misuse of personal data, ensure compliance with the provisions of the proposed legislation and promote awareness about the data protection.
The committee has said that the PDP Bill should cover both sets of data till an additional framework is established to distinguish between personal and non-personal data.
To specify a provision relating to social media intermediary whose actions have a significant impact on electoral democracy, security of the State, public order or the sovereignty and integrity of India.
To confer a ‘right of grievance’ on data principal to make a complaint against the grievance to the data fiduciary and if aggrieved by the decision of such data fiduciary, he may approach the Authority.
Clause 32 allows the data principal to file a complaint against the data fiduciary, clause 64 allows the data principal to seek compensation by filing a complaint with the adjudicating officer.
To empower the Central Government to exempt any agency of Government from the application of the proposed Legislation.
To empower the Authority to specify the ‘code of practice’ to promote good practices of data protection and facilitate compliance with the obligations under this legislation.
To appoint ‘Adjudicating Officers’ for the purpose of adjudging the penalties to be imposed and the compensation to be awarded under the provisions of this legislation.
To establish an Appellate Tribunal to hear and dispose of any appeal from an order of the Authority under Clause 54 and the Adjudicating Officer under Clauses 63 and 64.
Impact on Social media platforms
All social media platforms that do not act as intermediaries be considered publishers and, therefore, be held accountable for the content they host.
A mechanism may be devised by which social media platforms which do not act as intermediaries are held responsible for the content from unverified accounts on their platforms.
No social media platform be permitted to operate in India unless the parent company in charge of the technology sets up an office in the country.
The Joint Parliamentary Committee has recommended that a statutory media regulatory authority, similar to the Press Council of India, be established.
The purpose is to regulate the content on all social media platforms, regardless of whether their content is published online, in print or anywhere else.
Personal Data Protection Bill summary
Once Personal Data Protection Bill becomes an Act there are several compliances to be followed by organisations processing personal data.
Organisations processing personal data have to ensure the protection of privacy of individuals relating to their Personal Data.
Once Personal Data Protection Bill comes into force, the consent of the individual would be required for the processing of personal data.
Based on the type of personal data being processed, organisations will have to review and update data protection policies, codes to ensure these are consistent with the revised principles.
Data Protection Officer have to be appointed by the Significant Data Fiduciary, and institute grievance redressal mechanisms to address complaints by individuals.Â
