Professional Documents
Culture Documents
On 16 December 2021, the Joint Parliamentary Committee has published its report
along with the finalised Data Protection Bill, 2021. When passed into law, this has
the potential to change the way in which data is used by businesses.
Some of the key JPC recommendations reflected in the New Bill that impact doing
business in India are regarding some below mentioned concepts:
Data Localisation
Cross Border Data Transfer
Non Personal Data (Recommendation no.2 ,point 26)
Data Breach
Children’s Personal Data
Social Media Platforms
Children’s data (Recommendation No. 38, pp. 72-74)
Data regulation sans privacy (Recommendation Nos. 8, 14, p. 37, pp. 46-47)
Some have observed that the Bill violates the principles of the fundamental
right to privacy established in the Puttaswamy decision by granting multiple
exemptions to the government. Another notable point is that the notion of
‘guardian data fiduciaries’ has been eliminated in the Bill.
The Data fiduciary is now prohibited from profiling and tracking data
relating to children and the only way to know that the data fiduciary is
working with an adult and not a child is for each person to attest that they
are of legal age, an important aspect which can be easily surpassed.
Additionally, the replacement of the concept of ‘best interests of the child’ is
also extremely controversial.
The Bill recommends that the phrase ‘social media intermediary’ in the law
should be replaced with the term ‘social media platform’. This change is
crucial as the present law and regulations provide the provisions relating to
‘intermediaries’ and not the ‘platform’.
This change alone could lead to several misinterpretations and loopholes, a
major concern considering the massive amount of transactions and
businesses that intermediary platforms are involved in and the huge amount
of data they collect through the transactions.
The Bill takes away the basic autonomy that the Data Protection Authority
requires to function without any bias. Reducing the role of government and
increasing the independence of the Data Protection Authority needs to be
given importance.
Furthermore, the provisions relating to non-personal data shall be given
enough attention and shall be open for more deliberation and suggestions
from the stakeholders as the personal data was given, because any fast and
reckless law regarding the same will lead to a regressive business
environment.
It’s been two years since the PDP Bill was brought. The present draft bill
shows that India still has a long way to go to have its data protection regime.
Another important aspect of all this is the concept of Mass Surveillance.