The Joint Parliamentary Committee’s (JPC) report on the Personal Data Protection (PDP) Bill, now referred to only as the Data Protection Bill, has overlooked the operational issues that may arise while following the recommendations made by it, policy groups and industry as well as think tank experts said.
One major bone of contentions, for example, is the wide range of exemptions given to the government for the way it will be able to handle and process data, Kazim Rizvi, Founder, The Dialogue, a public policy think tank.
Section 35 of the Bill, which also saw the most number of dissent notes being filed by members of the Opposition, has seen little change to it despite all the deliberations over the last two years, Rizvi said, adding that the scope of the section and its conditions provided remained wide.
He added, “Though the JPC has in its recommendations added to this section, in its explanation, that the expression procedure used in the section entails a ‘just, fair, reasonable and proportionate procedure’, the broad nature of terms and the manner prescribed have not allayed surveillance concerns of this provision to exempt government agencies from the entirety of the Bill.”
Similarly, the inclusion of non-personal data within the ambit of the Bill could be problematic and at odds with the objective of the non-personal data governance framework, which is to derive maximum value from data, BSA-The Software Alliance, a trade group established by Microsoft said in a statement.
“Removing provisions on non-personal data, avoiding mandatory data localisation, and promoting cross-border data transfers in the final Bill will support the Bill’s objectives which is to safeguard personal data and enhance privacy protections,” Venkatesh Krishnamoorthy, India manager at the trade group said.
Some changes needed
The JPC has tabled its report in the House after two years, having gotten six extensions to finalise its recommendations. Experts are of the opinion that the Bill must undergo some changes before it can presented in the Lok Sabha and Rajya Sabha again for passage.
The mandatory data localisation clause and restrictions placed on cross-border data transfer also has global companies and trade groups worried. Experts are of the opinion that it could “hinder the ability to enhance network resiliency and remediate in case of a data breach or outage”.
“We remain concerned that the proposed data localisation requirements and data transfer restrictions would ultimately undermine data protection and economic opportunity in India by impeding interoperability with emerging international norms and practices,” the Global Data Alliance said in a statement.
The JPC’s report was, however, welcomed by industry group Nasscom, which said that it would continue to work with the government towards passing a law that brings regulatory certainty, while also asking for more debate on certain aspects. “While the JPC has retained much of what was positive with the 2019 Bill, and accepted many more recommendations from the industry, certain areas will require further deliberation — particularly the expansion of the scope to cover non-personal data,” the association’s president Debjani Ghosh said.
The JPC’s recommendation that all social media firms be considered publishers if they are not acting as intermediaries could place “disproportionate regulatory burden on smaller social media intermediaries”, Pradeep S Mehta, secretary general at policy group CUTS International, said. “The committee appears to paint all social media platforms with the same brush, which could adversely impact innovation and growth in the domestic ecosystem,” he added.
All the new provisions introduced with the stakeholders should be discussed thoroughly before being placed in the final Bill, Kumar Deep, country manager at the Information Technology Industry Council said. “Some of the provisions, including the inclusion of non-personal data, hardware testing and compliance, should be discussed with stakeholders to ensure they don’t severely restrict India’s ability to do business or stifle innovation and future investments.”