JCP on the Personal Data Protection Bill
Part of: Prelims and GS II – Polity and governance
Context The Joint Committee of Parliament (JCP) on the Personal Data Protection Bill tabled its report in both Houses.
- Non-Personal Too: The nature of the Bill itself is for inclusion of non-personal data within the larger umbrella. All issues under the new legislation will be dealt with by a single Data Protection Authority (DPA) instead of separate ones for personal and non-personal.
- Transition Period: To ensure that all such data aggregators get ample time to comply with the rules under the new Bill, the JCP suggested that up to 24 months be given from the date of notification of the Act.
- Social Media Liability: Social media platforms that do not act as intermediaries should be treated as publishers, and therefore be held liable for the content they host.
- Penalty: A fine of up to Rs 15 crore or 4% of the total global turnover of the firm for data breaches, and a jail term of up to 3 years if de-identified data is re-identified.
- Timely Alert: In case of any data breach, the data aggregator must notify the DPA within 72 hours of becoming aware of it.