Mr John Brittas, one of the members of the IT Standing Committee which reviewed and commented on the draft DPDPB 2022 has submitted a dissent note which has been promptly been circulated by a section of the media to criticise the proposed Bill. (Refer here)
Also Justice B N Srikrishna in his interview to The Hindu some time back also had criticised the DPDPB 2022
However most of the concerns expressed by John Brittas and Justice B N Srikrishna seems to have been addressed in the version which may be presented in the Parliament.
We are still not clear about the official version which will be presented but the above version with 33 sections appear to be one created after the IT Committee report and has addressed many of the issued. It still has one or two minor modifications that may be required like definition of harm and handling of publicly available data. But these can be incorporated during the discussion.
Mr Srikrishna’s objection on the constitution of the Data Protection Board has been addressed by reverting to the earlier PDPB version of a Board with a Chairman and Six members though the tenure has been reduced from 5 years to 2 years.
Brittas objections like the objection to the amendment to RTI has been discussed in the past and does not hold substance. The Concerns on “Deemed Consent” has been addressed through the Legitimate Interest and there are provisions for addressing deliberate violations.
The power of claiming compensation by data principals is available under ITA 2000 (Section 43) and can be invoked along with the adjudication under DPB. It would however be better if the DPB is provided the power to provide compensation also so that the issue would be settled in one hearing.
Brittas seems to support the data localization and Government should be happy to introduce it through notifications.
Mr Brittas has objection to Right to Data Portability and Right to Forget not being included. These are not sacrosanct. A Data Principal can get the information back and re-submit if he wants. Transfer of data from one business competitor to another under “Portability” is a matter of convenience but not critical. Right to Forget is not possible in India as it can be grossly misused.
It is recognized that Data Protection Law will have a conflicting interests like Startups needing exemption and the Government has accommodated an enablement clause for such purposes which Mr Brittas has an objection to.
Exemption to Government has been an eternal objection but this is an issue which cannot be resolved to the satisfaction of Privacy Activists since there is a security requirement to consider.
The Dissent note of John Brittas is well constructed and needs to be taken note of when the rules and regulations are formulated by the DPB. For the time being the Bill is good to be passed with some minor corrections.
We hope that the Parliament will allow the Bill to be passed or more appropriately the Government will pass it whether there is consensus or not.
Naavi
