The new data bill is nothing like its first draft

Photo: Mint
Photo: Mint

Summary

The Joint Parliamentary Committee (JPC) on Personal Data Protection (PDP) bill is finally ready to table its report during the winter session of the Parliament. Mint looks at what is new in the JPC’s recommendations.

The Joint Parliamentary Committee (JPC) on Personal Data Protection (PDP) bill is finally ready to table its report during the winter session of the Parliament. Mint looks at what is new in the JPC’s recommendations.

What is the new name of the bill, and why?

The JPC has recommended that the bill should be called the Data Protection Bill, and its scope widened. It said the bill should cover not just personal data within its purview but also non-personal data and non-personal data breaches, which includes any unauthorized acquisition, sharing, use, alteration, destruction, or loss of access to such data that compromises the confidentiality, integrity or availability of this data. Accidental disclosure of non-personal data is also covered under such breaches, which means that breaches resulting from lack of proper compliance measures will also be covered by the bill.

What could be seen as non-personal data?

Simply put, the JPC is defining all data that is not personal—data that doesn’t personally identify a user— as non-personal. For instance, an anonymized data set showing the preferences of users in a particular city or state can fall under non-personal data. An expert committee chaired by Infosys co-founder Kris Gopalakrishnan had released a draft report in July, which had suggested that non-personal data should be provided to domestic companies for building products and services. It has been opposed by major social media firms and more, who think it will take away their competitive advantage

Data protection bill timeline
View Full Image
Data protection bill timeline

What could be seen as non-personal data?

Simply put, the JPC is defining all data that is not personal—data that doesn’t personally identify a user— as non-personal. For instance, an anonymized data set showing the preferences of users in a particular city or state can fall under non-personal data. An expert committee chaired by Infosys co-founder Kris Gopalakrishnan had released a draft report in July, which had suggested that non-personal data should be provided to domestic companies for building products and services. It has been opposed by major social media firms and more, who think it will take away their competitive advantage.

What criticism has the bill faced?

Seven members of the JPC, including Trinamool Congress (TMC) leaders Derek O’ Brien and Mahua Moitra, and Congress leader Jairam Ramesh have expressed dissent. On 27 November, TMC tweeted that Section 35 of the Act will give the “government exclusive rights to invade our privacy whenever they want". The bill has been criticized for excluding the government and its agencies such as the CBI and Uidai from its provisions on matters of national security and public welfare.

What else does the bill recommend?

The JPC has recommended that social media firms shouldn’t be allowed to function in India without setting up offices here. It has also said firms that do not operate as intermediaries should be treated as publishers, who will be accountable for the content distributed on their platforms. Further the JPC recommended creating an alternative payment system to SWIFT for cross-border payments, digital certification of Internet of Things (IoT) and other digital devices by the DPA, and localization of sensitive data.

 

Catch all the Technology News and Updates on Live Mint. Download The Mint News App to get Daily Market Updates & Live Business News.
more

topics

MINT SPECIALS

Switch to the Mint app for fast and personalized news - Get App