The comments submitted by Nasscom-DSCI on the Personal Data Protection Bill 2019 makes an interesting reading.
The copy of the submission is here
So far, whenever a law related to IT industry was drafted, NASSCOM was a close confidant of the MeitY and a trusted advisor. But now it appears that NASSCOM is clearly on the side of the multi national industry players who want a Privacy law which protects the MNC business interests more than it protects the Privacy of the individuals. DSCI obviously follows the views of NASSCOM and hence both have submitted a joint view.
The document is a fairly long document and consists of four parts. The first part is a recommendation of the principles for effective Personal Data Protection, the second is a list of key concerns, the third is a list of clarifications sought and the fourth is a clause by clause comment on the PDPA 2019.
Before going further into understanding what Nasscom wants and why it takes a specific stand, we must note that what we are now commenting on is the copy of the “Act” and once the Act is passed, there will be several notifications that the Government will make. There after, there will be an organization called Data Protection Authority (DPA) which will come up with many more regulatory guidelines. Each of these namely the Act, the Notifications and the regulations have a certain scope and purpose. Th Act cannot be the notification and the notification cannot be the regulation.
It is not advisable for law to be too detailed so as to make it very rigid. On the other hand, it is possible for some flexibility to be built into the Act so that the later notifications and regulations can take into account the requirements that would unfold over a time. Many of the suggestions that Nasscom has provided under the first part are already addressed in the Act and many other suggestions are meant for the notifications and regulations.
Hence we can ignore most part of the 43 page document and look at the essence of the recommendations given .
….To be continued
Naavi