The Joint Parliamentary Committee on the contentious Personal Data Protection Bill, 2019 has called a meeting on September 15 and 16 to finalise its long-pending report. The panel finalised the draft report last year but it wasn’t circulated to any of the members. The agenda papers circulated ahead of the latest meeting brings the panel back to square one- instead of the finalised report, it reopens the consultations.
Five members, including Chairperson of the Joint Committee on Personal Data Protection Bill Meenakshi Lekhi, were inducted into the Council of Ministers in July. Following this, Mr. Chaudhary, who for over a year in 2016-17 served as the Minister of State in the Ministry of Electronics and Information & Technology, took over as the Chairman.
Additional changes
He has proposed a few additional changes, including expanding the scope of the Data Protection Authority to cover personal as well as non-personal data that could lead the already contentious law into more muddy waters. While the Bill seeks to set up a body for governance of personal data, the government, in September 2019, set up a new committee to recommend a framework to regulate non-personal data.
Why the Personal Data Protection Bill matters
The Bill seeks to regulate the use of individual data by the government and private companies and a Data Protection Authority has been envisaged for ensuring the compliance of the law.
The proposed Act states that among other things, the authority will take “prompt and appropriate action in response to personal data breach in accordance with the provisions of this Act”. The committee has recommended that the word “personal” be omitted “to enlarge the ambit of the authority to look into data breach”.
Similarly, Mr. Chaudhary has recommended the removal of “personal” from another clause, wherein the authority needs to specify codes of practice for appropriate action to be taken by the data processor in response to a data breach.
Key suggestions ignored
Key suggestions made by members in the past consultations too have been ignored. Ten of the 30 members of the panel had moved amendments against the provision in the legislation giving power to the Central government to exempt any government agency from application of the Act. The members have said this clause makes the entire act infructuous.
The Data Protection Bill only weakens user rights
The panel, which has BJP members in majority, has, according to the sources, not included the suggestion. Opposition members whom The Hindu spoke to said that they would be filing a dissent note.
“In the peak of the COVID-19 pandemic, we deliberated and finalised our recommendations. We were told that the draft report is ready but it was never circulated to us. Now instead of tabling that draft report, we find that deliberations have reopened,” one of the members said.
The committee was formed in December 2019. It got its fifth extension in the monsoon session in July this year and has now been asked to submit the report by the winter Session that is expected to be called in November third week.
Increase in cybercrimes
The call for a data protection bill has been growing stronger amid growing threat of data breaches due to a sharp increase in cybercrimes. In May last, Air India and Jubilant FoodWorks witnessed ‘security incidents’ that put consumer data at risk.
Facebook-owned WhatsApp has also refused to withdraw the controversial update to its privacy policy but stated that it will not limit functionality of users “at least the forthcoming Personal Data Protection law comes into effect.”
