Personal Data Protection Bill
Context:
- The Personal Data Protection Bill has been removed from Parliament by the Indian government while it explores a “complete legal framework” to oversee online activity and foster innovation in the nation.
What was the Personal Data Protection Bill and what were its biggest obstacles?
About:
- On December 11, 2019, the Minister of Electronics and Information Technology introduced the Personal Data Protection Bill, 2019 in Lok Sabha.
- Commonly known as the “Privacy Bill,” it was designed to safeguard individual rights by limiting the gathering, transfer, and processing of data that is personal or that can be used to identify a specific person.
Challenges:
- Many claim that in the cyber world, it doesn’t matter where the data is physically located because the encryption keys might still be hidden from governmental agencies.
- The terms “national security” or “legitimate purposes” are ambiguous and subjective, which could result in the state meddling in citizens’ personal affairs.
- Technology behemoths like Facebook and Google oppose it and have criticised the protectionism of the data localization policy because of concern that it would spread to other nations.
- Social media corporations, industry professionals, and even ministers had rejected it, claiming that it had too many flaws to be efficient and advantageous for both customers and businesses.
- Additionally, it can backfire on established companies who process foreign data in India as well as on emerging businesses in India that are striving to go worldwide.
The Bill was withdrawn for what reasons?
Far too many changes:
- The Personal Data Protection Bill, 2019 underwent thorough analysis by the Joint Committee of Parliament.
- 12 recommendations and 81 amendments were put forth in an effort to create a thorough legal framework for the digital ecosystem.
- A thorough legislative framework is being developed in light of the JCP’s report.
- So, it is suggested that you withdraw.
Compliance Hurdles:
- The Bill was also criticized by the nation’s startups as being too “compliance-intensive.”
- The revised legislation will be a lot simpler to follow, particularly for entrepreneurs.
- Data Localisation concerns: The IT businesses raised concerns about a proposed clause in the Bill dubbed Data Localisation.
- Data localization would have made it essential for businesses to keep a copy of specific sensitive personal data in India, and it would have prevented the export of unspecified “important” personal data.
- The central government and its agencies would be given broad exclusions from all of Bill’s requirements, according to the activists’ criticism.
Various Stakeholders Opposed It:
- A wide range of stakeholders, including large internet corporations like Facebook and Google, as well as privacy and civil society organizations, had strongly opposed the law.
Implementation Delay:
- Several stakeholders have criticized Bill’s delays, pointing out that India’s lack of a fundamental framework to protect individuals’ privacy was a cause for serious worry.
- What recommendations did the Joint Committee of Parliament make?
- The Srikrishna panel’s finalized bill was subject to 81 proposed amendments, as well as 12 recommendations, one of which was to broaden the proposed law’s purview to include discussions of non-personal data and shift the focus of the bill from personal data protection to more comprehensive data protection.
- Any collection of data that lacks personally identifiable information is considered non-personal data.
- Additionally, the JCP study made suggestions for improvements to social media company regulation and the use of only “trusted hardware” in cellphones, among other things.
- It was suggested that social media platforms that do not serve as middlemen should be regarded as content publishers and held accountable for the material they host.
Steps to Take Ahead:
Localization of Data:
- The information must be accessible in the event of a crime and kept in a location that the Indian government trusts.
- Additionally, the government may think about restricting cross-border data flows to “trusted regions.”
Data classification:
- In terms of data localization, the new Bill might do away with the classification of personal data and limit its use to determining damages for individuals whose personal data may have been compromised by an entity.