7 members of JPC submit dissent note on PDPB

An interesting phase in the history of data protection law in India has started with the presentation of the new version of PDPB2021 by the JPC to the Speaker. It will become public once the bill is formally presented. Until then we need to work on the comments  appearing in the press.

Some of the reports appearing in the press are here

1.JPC retains exemption clasue, adopts personal data bill: thehindu.com

2.Data Protection Bill: Panel calls for strict rules for firms, leeways for Government

3. Explained: The Joint Parliamentary Committee’s suggestion on Data Protection Bill

The report suggests that one of the members namely Mr Manish Tiwari has dissented the bill in its entirety and said that it is “Ultra vires the fundamental right to privacy as laid down by the 9 judge bench of the Supreme Court of India in Puttaswamy (2017) judgement”.

The TMC members Derek O’Brien and Mahua Moitra  have said that the Bill does not provide adequate safeguards to protect the  right to privacy and gives an overboard exemption to the Government under Clause 35″.

Another Congress member Mr Gaurav Gogoi said that the bill pays little attention to “harms arising from surveillance”

According to one of the reports,

  1. The proposed change  to delete the turn over based penalty structure appears to have been dropped.
  2. The data breach notification  would be required both for Personal and Non Personal data within 72 hours
  3. Companies need to ensure fairness of algorithm or method used for processing personal data
  4. The DPO needs to be from senior management
  5. Companies will need to mandatorily disclose to data principals if their information is passed to third party.
  6. If the Government agency has to pass on the information for the purposes of state use, there is no need for mandatory disclosure
  7. Government departments to carry out in-house inquiry to fix blame in case of breach instead of head of department being responsible
  8. Government should quality penalties for companies violating provisions of law.
  9. The law will be implemented in a phased manner over a period of 2 years.

It appears that the recommendation that Social media companies should mandatorily verify users to keep their status as intermediaries (Ed: i.e. to claim exemption from liability from Section 79 of ITA 2000), will be retained.

The JPC appears to have also indicated that copies of sensitive and critical personal data that has already been  with foreign entities and stored abroad has to be brought into India in a time bound manner.

The copy of the report and the dissent statements are already with select media houses. They are likely to be in public space after 29th November 2021 when the Bill will be formally tabled in the Parliament.

We look forward to the copy of the bill to understand the changes.

The big relief is that an important step towards the passing of the  Act has been taken. From the dissent  notes it is clear that once the bill is passed, there will be a challenge mounted in the Supreme Court and the battle will go on.

Naavi

Reference

Congress MP Jairam Ramesh submits dissent note-Indian Express

Congress MPs file Dissent notes over JPC Report-Wire.com

 

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.