Privacy is one cornerstone of a legislative umbrella that would cover telecom, digital technology, and social media: Ashiwini Vaishnaw

We are looking at a very comprehensive set of legislations which address the fundamental constructs within the digital landscape. The first area is telecom, which is regulated by the 1885 Telegraph Act. We need a modern telecom bill because modern digital access is primarily through the phone. The second is revamping the Information Technology Act of 2000. The world has changed; the way the internet is governed has changed; technology and its usage have changed. The third is a focused legislation on protecting online personal data and privacy. We must understand that there is a very asymmetric relationship between big tech companies and the users of various platforms. This needs to be addressed properly. Privacy concerns are critical and have been framed in the Puttaswamy judgement by the Supreme Court. The fourth leg of this statutory framework is social media accountability. The question is whether it is possible to cover all these aspects in one omnibus legislation? Having an unwieldy statute governing all structures in this evolving landscape would make it impossible to address the issues as they are fleshed out. The law has to keep pace with the advancement in technology. It cannot lag behind. We will need separate and nimble pieces of legislation that are focused and can change and deconstruct issues as they evolve.

Frankly, there has been no deliberate delay. Despite the pandemic, the Joint Committee of Parliament (JCP) has held elaborate discussions with all stakeholders. Distilling all these issues into a report was a very tough task, and the Committee has to be commended for the work that has been done. It has recommended 81 amendments in a bill of 99 sections. The question before us was about how we address the 12 major recommendations that were over and above the 81 amendments. The Bill that the government presented to Parliament was practically rewritten by the JCP. The Committee’s report came on December 21. We took six months to deliberate on the issue and came to the conclusion that there was no option but to present a new bill.

We are in an advanced stage of drafting the bill. It will be focused on privacy. There would be other statutes addressing telecom, digital technology, and perhaps social media. But this bill would be focused on privacy. This would be one of the cornerstones of the digital world. Instead of putting ten different things into one legislation, we are better off having specific bills focusing on specific aspects of digital technology and its usage.

We are looking at the coming budget session to bring in the new privacy bill.

Standing Committee reference is a decision that the Hon’ble Speaker or Hon’ble Chairman has to take. But so far as I can see, there have been very detailed deliberations and the JCP report is fairly exhaustive. So we might not be required to repeat it.

You have raised a very important point. For the bill to encourage growth and innovation, four things are required. Firstly, any bill on privacy should have clarity and easily comprehensive language that can be interpreted easily by common people, not just lawyers. Secondly, the bill’s implementation should be born digital, i.e., it should be designed to be implemented digitally. Thirdly, there should be a good scope for professionals, people who understand technology, and their voices should have weightage in the bill. Fourthly, the bill should specifically provide for innovation, and our start-up ecosystem should grow as opposed to being stifled. We have the third largest start-up ecosystem and it should not be hindered by over-regulation.

As a matter of propriety, I cannot comment on the new draft. I am only telling you what should be factored in. The original bill was focused on personal data protection. The JPC enlarged its scope to include non-personal data. We need to have a proper mechanism on how to process non-personal data. We need to understand the basic difference between protecting privacy and processing non-personal data. We need to take a considered view on whether non-personal data should go into other legislation concerning digital technology. We need to take a call on that.

The fact is that the Indian IT industry today is growing at a rapid pace. In the last fiscal, the IT industry clocked revenue of 227 billion USD and crossed a very important landmark of employing 5.5 million people. The world has an implicit trust in how the Indian technology industry handles data. The export of technology has not been hampered by a lack of legislation. The privacy law has not been codified, but the Supreme Court has laid down the law in the Puttaswamy judgement. So it is not as if India does not have a legal framework for privacy.

The way the global thought process is evolving points to the consensus that social media has to be held accountable. Many Members of Parliament from almost every party have raised concerns about the accountability of social media. We need to move towards accountability of the content on social media because it is guiding public discourse. Such legislation exists across geographies, so we’re not alone in envisaging that.

In fact, the exemptions given in the GDPR are far wider. The GDPR legislation gives about 23 exemptions. What we have done is strictly keeping the constitutional scheme of exemptions to personal freedoms. We have adhered to that. It would be unfair to say we’re invading privacy.