JPC proposes to expand ambit of personal data protection Bill3 min read . Updated: 25 Nov 2020, 07:32 AM IST
- Panel members want to transform intent of the Bill and focus more on data digitization and localization
The final version of India’s Personal Data Protection (PDP) Bill may cover the entire ambit of data protection and not merely securing personal data, with a joint parliament committee (JPC) significantly expanding the scope of the crucial legislation.
Panel members want the Bill to focus more on the digitization and localization of data, with personal data as one part of the Bill, one person aware of the development said. The panel plans to submit its report before the winter session of Parliament.
“The Personal Data Protection Bill is likely to undergo a complete transformation as the intent of the Bill is likely to get changed. Most JPC members are of the view that the ambit of the Bill needs to be expanded and it cannot be just about personal data. JPC members are unanimous that the PDP Bill should be about data and protection of data," the person cited above said on condition of anonymity.
The final Bill may also cover non-personal data, with sub-heads about sensitive data and critical data.
“JPC is unanimous in its decision that purpose of the Bill should be redefined and more clearly defined. Some members feel the earlier the Bill was a little vague and needed improvement. Now the focus is on data, not just personal but also non-personal, sensitive and critical data as well," said the same person cited earlier.
The original focus of the draft bill, tabled in Parliament last year, can be gauged from the fact at least a fifth of its 98 clauses mention “personal data" in their title. In the draft bill, four chapters were dedicated to explaining the ambit of personal data—Obligations of data fiduciary; Grounds of processing of personal data without consent; Personal data and sensitive personal data of children; and Restriction of transfer on personal data outside India.
Members of JPC plan to hold a series of meetings in this week and hold at least three sittings to complete work on the Bill.
“The biggest concern before the committee now is localization of data, because some of the representatives of companies and organizations that have been invited before the JPC have informed the parliamentary panel that most of the social media platforms store data beyond the boundaries of India. So, in case of any investigations, it will be difficult to retrieve the data for investigation purposes," said the person mentioned earlier.
Even as deliberations are underway at JPC, political consensus-building is happening in parallel, with Congress, Biju Janata Dal (BJD), All India Anna Dravida Munnetra Kazhagam (AIADMK) and Samajwadi Party (SP) supporting the changes under discussion.
“There is unanimity on most of the issues and so far, there is no cause of concern about unanimity. Most of the members of the panel believe that it is an important which will impact the security of the country and people, so there should be discussion. There have been recommendations about inviting more people before the panel, so it is possible that the committee would invite representatives of more companies that collect and store data," said a second person in the know of development.
The Bill, introduced in the Lok Sabha last December, seeks to protect the privacy of individuals relating to their personal data. It calls for setting up a Data Protection Authority of India and aims at creating a framework for organizational and technical measures for processing data. The Bill was referred to the JPC headed by senior Bharatiya Janata Party lawmaker Meenakshi Lekhi.
JPC is unanimous in its decision that the Bill needs clarity and its purpose should be redefined
THE final Bill may also cover nonpersonal data, which includes sensitive and critical data
MEMBERS of the JPC plan to hold a series of meetings this week to discuss the changes