The Unique Identification Authority of India (UIDAI) has asked for exemption from the Personal Data Protection (PDP) Law. In an interaction with the Joint Parliamentary Committee on Data Protection Bill 2019 on Thursday at its office in Bengaluru, UIDAI functionaries said the authority is already being governed by the Aadhaar Act and there cannot be duplicity of laws.
Ironically, it was making Aadhaar compulsory for many key services including the banks that first triggered the data privacy debate. The genesis of this Bill lies in the report prepared by a Committee of Experts headed by Justice B.N. Srikrishna. The committee was constituted by the government in the course of hearings before the Supreme Court in the right to privacy case ( Justice K.S. Puttaswamy v. Union of India ).
The Personal Data Protection (PDP) Bill 2019 has a contentious section 35, which invokes “sovereignty and integrity of India,” “public order”, “friendly relations with foreign states” and “security of the state” to give powers to the Central government to suspend all or any of the provisions of this Act for government agencies.
Also read: UIDAI plugging data leak: Author
The UIDAI during the interaction with the Joint Parliamentary Committee, sources said, demanded that it should get a blanket exemption from the act under this section. It further argued that it already is being governed by the Aadhaar Act and the PDP bill could be counter productive.
This is not the first time the UIDAI has taken this stand. A panel member on condition of anonymity said that in the initial rounds of deliberations, too, the Authority had made a similar demand.
The 2019 Bill already has clauses which are open to interpretation. As Prasanth Sugathan, Legal Director, Software Freedom Law Centre pointed out, “Section 12 of 2019 Bill gives UIDAI some leeway from the rigours of the Bill as it enables for processing data for provision of a service or benefit to the data principal. However, even then prior notice has to be given.”
Sources indicate that UIDAI might not be the only one to seek exemption. “Our fear is that the Bill, if implemented in the present form, may create two distinct ecosystems. One with the government agencies who will be completely out of the ambit of the law, giving them complete freedom to deal with the personal data. And the second will be private data fiduciaries who will have to deal with every letter in the law,” one of the members said.
The committee is on a tour to meet various data fiduciaries for a last round of discussion on “operational issues” in the implementation of the law. The panel which has already got five extensions has to submit its report during the upcoming winter session of Parliament.
In Mumbai the committee met Tata Consultancy Services, NABARD and SBI among others. In Bengaluru, the committee has had meetings with Infosys, Wipro and other IT firms.