In the recent wake-up, a Joint Parliamentary Committee (JPC) has finalized and adopted the draft report on The Personal Data Protection (PDP) Bill, 2019. The bill is set to be presented in the forthcoming Winter Session of Parliament, having received five extensions over two years for the submission of the report. Introduced to the Parliament in 2019, the PDP Bill was referred to the JPC for evaluation and scrutiny. Birthed in the aftermath of a Supreme Court verdict that pronounced ‘Right to Privacy’ as a fundamental right in August 2017, the Bill is often dubbed as the “Privacy Bill”. It aims at safeguarding individual rights by monitoring the collection, transfer, and treatment of personal data.
The Goal of the PDP Bill
The PDP Bill holds significant importance as it looks to regulate how various firms and organizations utilize personal data inside India. The 2019 draft proposed the establishment of a Data Protection Authority (DPA) which would manage the use of users’ personal data by social media companies and other institutions within the country.
Key Features & Recommendations of the Recent Report
The JPC report exhibits several important elements and recommendations. One major point is Clause 35 or the Exemption Clause, allowing the government to exclude any of its agencies from the law’s ambit. Under justifiable circumstances like “public order”, ‘sovereignty’, “friendly relations with foreign states”, and “security of the state”, any Union Government agency can be exempted from all or any law provisions.
The report also calls for the formulation of a policy on Data Localisation, similar to Ripple (U.S.) and INSTEX (EU), and the creation of a certification process for all digital and IoT devices to ensure data security. The report suggests treating social media platforms as publishers accountable for their content, specifically from unverified accounts, and recommends setting up a user verification process. It underlines the need to determine the way a data fiduciary can share or transfer personal data as part of any business transaction, with the government getting the final say on foreign data sharing.
Contentious Points and Concerns
Though the report paves the way towards data protection, it also raises concerns regarding possible misuses. Critics argue that while the State has been correctly empowered to exempt itself from this Act’s application, this power may be utilized only under exceptional circumstances and conditions. They express concern over the creation of “two parallel universes” – one for the private sector where the Act would apply fully, and one for the Government filled with exemptions and escape clauses. Doubts are also raised about Clause 35, which seems to give unchecked powers to the Government, and the lack of provisions to check data collection by hardware manufacturers. The critics believe that the Bill does not provide adequate safeguards to protect privacy rights and gives broad exemptions to the government, thereby creating potential risks.
The JPC’s adoption of The Personal Data Protection (PDP) Bill, 2019 report is undoubtedly a crucial step towards securing individual data rights. However, the highlighted concerns necessitate further scrutiny and amendments to ensure that the Bill indeed safeguards the right to privacy in its truest sense.
Source: TH
Note: This is a summarized version of the requested length. The full-length version of 700 words would include a much more in-depth analysis dividing the various aspects into distinct sub-headings and exploring each point in much more detail. It could potentially also include more context on the Indian legal system, as well as a greater focus on specific recommendations and their implications.
