- GS-2: Government policies and interventions for development in various sectors and issues arising out of their design and implementation.
Road to data protection law
Context: On Monday, the Joint Parliamentary Committee (JPP) on the Personal Data Protection Bill of 2019 is said to have adopted the final draft. The Bill is slated to be tabled in the Winter Session.
Why does India need a data protection law?
- Amid the proliferation of computers and the Internet, consumers have been generating a lot of data, which has allowed companies to show them personalised advertisements based on their browsing patterns and other online behaviour.
- Companies began to store a lot of these datasets without taking the consent of the users, and did not take responsibility when the data leaked.
- To hold such companies accountable, the government in 2019 tabled the Personal Data Protection Bill for the first time.
What is said to be in the final draft?
- One of the major changes that the final draft of the PDP Bill is believed to have pushed for is to include non-personal data within its ambit, which changes the nature of the Bill from personal data protection to just data protection.
- The final draft is also said to have sought additional compliance for companies that deal exclusively with children’s data, by asking them to register with the Data Protection Authority — a regulatory body that will have powers to decide on implementing the law’s various provisions.
- A third key aspect that the committee is said to have pushed for is to consider all social media companies as publishers, and to hold them accountable for the content on their platform if they are not acting as intermediaries.
- It is said to have recommended that no social media company be allowed to operate in India unless the parent company handling the technology sets up an office in India.
- Other aspects such as setting up of an indigenous architecture, which can be an alternative to the internationally accepted SWIFT payment system, are also said to have been suggested.
- A key suggestion said to be made by the JCP, which also received the most dissent from members, is wide-ranging powers for the government such as exempting any agency from application of the law.
- From the private sector, executives from Visa, MasterCard India, Google India, PayTM, Facebook India, Twitter India, Amazon Web Services as well as Amazon India, among others, have made submissions to the panel.
What were their submissions?
- In their meeting with the JPC, Google’s representatives had said India should avoid making data localisation a requirement, which had upset the members of the committee.
- Paytm, on the other hand, had said data generated in India should be parked in the country.
- Cab aggregators such as Ola and Uber, whose representatives appeared before the JPC earlier this month, have supported data localisation norms.
- Companies, tech policy groups and even JCP members had also called for reconsideration of the one-size-fits-all approach based on binary age threshold for children, given the vast geographic and cultural diversity of children across the country and their varying maturity levels and needs.
- Companies and policy groups had also expressed apprehensions about the possible inclusion of certain clauses related to non-personal data and had told the JCP that it carried a very high risk of re-identification and may lead to legal complications for stakeholders.
- Policy groups had repeatedly objected to the blanket exemptions to the central and state governments along with allied agencies.
- The functional and structural independence of India’s first data regulator is a key aspect considering the crucial role it plays as the mediator between all vested stakeholders that is citizens, businesses and the government themselves