08 Aug Delay in data law
Delay in data law
Why in news?
After a Joint Parliamentary Committee gave the Personal Data Protection Bill, 2019 a close look, the administration decided to withdraw it (JPC).
Origin of the Bill
- The Supreme Court of India ruled that the right to privacy is an essential component of the right to life and the freedom of the individual as protected by the Indian Constitution in the landmark Justice K.S. Puttaswamy (Retd) v. Union of India decision.
- As a result of this ruling, questions about how major digital companies were handling the personal data of their Indian consumers began to surface.
- The Centre established an expert committee in 2017 to develop a legal framework for data protection, which was presided over by retired Supreme Court Justice B.N. Srikrishna.
- On July 27, 2018, the Srikrishna committee sent a draught of the Data Protection Bill and its report to the Ministry of Electronics and Information Technology.
- Justice Srikrishna questioned the Ministry’s Bill in Parliament for providing the Central government more power over the data than was intended in the committee’s draught.
- Following its deliberations on the Bill, the JPC presented its report in November 2021.
- Clause 35, which permits government agencies to ignore legal requirements by invoking public order, sovereignty, good relations with other countries, and security, was upheld by the JPC.
- Why was the bill withdrawn at this time?
The government has withdrawn the law even though it still has access to data
- The JPC’s substantial number of revisions, recommendations, and corrections are identified as the cause.
- In its 542-page report, the JPC made 93 recommendations, 81 modifications, and 97 changes and improvements to the Bill.
- The main suggestion is to broaden the scope of the Personal Data Protection Bill, 2019 to include all data rather than just personal data, which would significantly distance it from its Puttaswamy roots.
- The government’s official position is that it is preferable to introduce a new Bill in the face of such a significant reform.
What does the Bill have to say about localising data?
- Any distinctive trait, attribute, or other feature information that can be used to identify a person is referred to in the Bill as personal data.
- Additionally, a subcategory of sensitive personal data was mentioned in the bill.
- Information on a person’s finances, health, sexual preferences and habits, caste, political and religious convictions, as well as biometric and genetic information, make up this type of information.
- Additionally, it established a Critical Personal Data Category that included any future “personal data as may be reported by the Central government.”
- According to the Bill, although sensitive personal data can be processed abroad, a copy must be preserved in India.
- Only India is permitted to hold and process Critical Personal Data.
What worries did the tech sector have?
- Indian start-ups have complained that the infrastructure required to meet the localization requirements will be a significant financial burden.
- Additionally, startups frequently rely on foreign firms for services like customer management, analytics, and marketing, necessitating the export of consumer data.
- Data localization regulations would limit their options for such services and add to their compliance burden.
- The larger US-based tech corporations are also affected by the compliance requirements.
- According to reports, lobbying opposing the law was being done by US business umbrella organisations.
What should we do next?
- The government must take into account any new legislation that fits within the overall legal framework.
- One of the JPC’s suggestions, which attempted to elevate social media businesses from the status of online intermediaries to content providers, would have been of particular concern to them.
- They are now in charge of the post they host as a result.