‘Service providers liable for data privacy breach’

AM Jigeesh New Delhi | Updated on October 21, 2021

The March 2019 government document cited the storing of 16-digit card numbers and other personal information such as customer names, account numbers and national identity numbers in “plain text” in some databases, leaving the data unprotected if the system was breached   -  istock/liulolo

Parliamentary panel on data protection Bill suggests critical amendments for adoption in the winter session

Parliament’s Joint Committee on the Personal Data Protection Bill, 2019, has completed its deliberations with most MPs underlining that the data fiduciaries should be held responsible if a breach of privacy takes place. Data fiduciaries would be the service providers in this context.

The panel has also sought clarity on the process of selecting the members and chairman of the proposed Data Protection Authority of India. The report, which also includes a draft amended Bill, will be circulated to all members once again for their approval. The report will be finalised before November 12 so that it can be tabled in Parliament during the winter session.

A member of the panel told BusinessLine that this report is not much at variance with the earlier one that flagged six issues at the time when Minister of State for External Affairs Meenakshi Lekhi was its chairperson. “We have worked out these six issues,” he said.

Key issue

A key issue relates to role of the fiduciaries in the case of breach of data. “Most of the members are of the opinion that if the ‘data principal’ is affected, and the ‘data fiduciary’ is unable to identify the person who is affecting the ‘data principal’, then the ‘data fiduciary’ should be held responsible. If somebody is doing something against a person’s privacy through a social platform and if the ‘data fiduciary’ or the service provider cannot control that person, then the ‘data fiduciary’ should also be held responsible,” a member said.

There are amendments recommended to Chapter VIII of the Bill that deals with exemptions. Amendments have been suggested to Section 35 of the Bill to the effect that though the Centre has powers to give exemptions, it has to be done in writing. “The government has not accepted it. We want all exemptions in writing so that a copy can be produced in courts or accessed through RTI. There was also a view that the exemptions have to be approved by Parliament,” another member said.

Another issue relates to the structure of the selection committee for members and chairperson of the Data Protection Authority. The panel has suggested that the committee needs an expert in the domain.

Published on October 21, 2021

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

This article is closed for comments.
Please Email the Editor

You May Also Like