Comments
A Joint Select Committee of Parliament has recommended substantial changes to the Personal Data Protection (PDP) Bill. The Committee on PDP legislation tabled its report with a draft amended Bill in Parliament on Thursday. It has made 81 recommendations for modifications and the draft amended Bill has 150 corrections and improvements to various clauses of the PDP Bill.
The Bill provides for the establishment of a Data Protection Authority (DPA) and addresses issues arising out of the Supreme Court’s verdict establishing privacy as a fundamental right in Justice KS Puttaswamy-versus-Union of India . The panel also considered the recommendations and the draft Bill of Justice Srikrishna committee. The panel felt that all data have to be dealt with by one DPA. “Since the Bill provides for the establishment of one Data Protection Authority, we cannot have two DPAs, one dealing with privacy and personal data and the other with non-personal data,” the report said.
The panel has set a two-year deadline for the government and the data fiduciaries to make the changes to policies, infrastructure, processes, etc.
Major recommendation
Another major recommendation is treating all social media platforms as publishers and be held accountable for the content they host. The panel noted that these platforms have the ability to select the receiver of the content and also exercise control over the access to any such content hosted by them. “Once application for verification is submitted with necessary documents, social media intermediaries must mandatorily verify the account,” it said.
The panel pressed for developing an indigenous financial system on the lines of ‘ripple’ in the US and the EU’s INSTEX. It said in the present SWIFT network, privacy has been compromised.
It called for preparing a policy for gradual data localisation. It has asked the Centre to devise a single window system to deal with complaints, penalties and compensation. It wants the government to set up a statutory body for media regulation.
Penalty provisions
The panel recommended that penalty provisions for data fiduciaries should be flexible as digital technology is evolving rapidly. If a fiduciary fails to register with the DPA or does not undertake data protection impact assessment or does not conduct a data audit, the penalty could be ₹5 crore or two per cent of its total worldwide turnover of the preceding financial year, whichever is higher. For processing personal data in violation of the provisions of the Bill, or for personal data of children, or for transfer of personal data outside India, the penalty could be ₹15 crore or four per cent of its total worldwide turnover of the preceding financial year, whichever is higher.
Head of the government departments should not be made directly responsible for data breach, it said. The fiduciary should report a data breach within 72 hours. Tabling the report, panel member Jairam Ramesh said in the Rajya Sabha that the work of the Joint Select Committee is an example of cooperation. “If the Chairman is cooperative, the Opposition is responsive,” he said.
Comments
COMMENT NOW
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.