Data Protection Bill: House panel suggests one authority for all data

BL New Delhi Bureau | | Updated on: Dec 16, 2021

For greater accountability of social media platforms; suggests governments and fiduciaries implement law in 2 years

A Joint Select Committee of Parliament has recommended substantial changes to the Personal Data Protection (PDP) Bill. The Committee on PDP legislation tabled its report with a draft amended Bill in Parliament on Thursday. It has made 81 recommendations for modifications and the draft amended Bill has 150 corrections and improvements to various clauses of the PDP Bill.

The Bill provides for the establishment of a Data Protection Authority (DPA) and addresses issues arising out of the Supreme Court’s verdict establishing privacy as a fundamental right in Justice KS Puttaswamy-versus-Union of India . The panel also considered the recommendations and the draft Bill of Justice Srikrishna committee. The panel felt that all data have to be dealt with by one DPA. “Since the Bill provides for the establishment of one Data Protection Authority, we cannot have two DPAs, one dealing with privacy and personal data and the other with non-personal data,” the report said.

The panel has set a two-year deadline for the government and the data fiduciaries to make the changes to policies, infrastructure, processes, etc.

Major recommendation

Another major recommendation is treating all social media platforms as publishers and be held accountable for the content they host. The panel noted that these platforms have the ability to select the receiver of the content and also exercise control over the access to any such content hosted by them. “Once application for verification is submitted with necessary documents, social media intermediaries must mandatorily verify the account,” it said.

The panel pressed for developing an indigenous financial system on the lines of ‘ripple’ in the US and the EU’s INSTEX. It said in the present SWIFT network, privacy has been compromised.

It called for preparing a policy for gradual data localisation. It has asked the Centre to devise a single window system to deal with complaints, penalties and compensation. It wants the government to set up a statutory body for media regulation.

Penalty provisions

The panel recommended that penalty provisions for data fiduciaries should be flexible as digital technology is evolving rapidly. If a fiduciary fails to register with the DPA or does not undertake data protection impact assessment or does not conduct a data audit, the penalty could be ₹5 crore or two per cent of its total worldwide turnover of the preceding financial year, whichever is higher. For processing personal data in violation of the provisions of the Bill, or for personal data of children, or for transfer of personal data outside India, the penalty could be ₹15 crore or four per cent of its total worldwide turnover of the preceding financial year, whichever is higher.

Head of the government departments should not be made directly responsible for data breach, it said. The fiduciary should report a data breach within 72 hours. Tabling the report, panel member Jairam Ramesh said in the Rajya Sabha that the work of the Joint Select Committee is an example of cooperation. “If the Chairman is cooperative, the Opposition is responsive,” he said.

Published on December 16, 2021
This article is closed for comments.
Please Email the Editor

You May Also Like

Recommended for you