Economic Times carried a report today that there is one section of the officials who think that the JPC version of the Data Protection Act 2021 may be shelved and a new Bill may be drafted.
The copy of the ET article is available here
It has been the suggestion of some of the dissenting members of the JPC that the Bill as proposed need to be shelved completely. This view is now being justified by this story which tries to attribute the story to some sources within the Government.
So far objections were being raised in the name of “Privacy Activists” who did not agree with Section 35 of the proposed Act which gave certain powers to the Government to exempt some agencies under certain specific conditions clearly permitted under the Constitution of India
Then objections were raised on the “Data Localization” aspect which was non existent.
The present set of objections appear to come in the name of Start Up companies who have specific exemptions under Section 40 of the proposed Act.
The report states that the objection is about the structure of the Data Protection Authority which is labelled as “Very Bureaucratic”. Earlier an objection had been raised that the selection panel which would recommend members of this Committee consisted only of the Cabinet Secretary, IT Secretary and Law Secretary and hence it was meant to create a pliable committee of favourites of the Government. Now that the new provision has expanded the selection board to include academicians from IIT and IIM etc, the earlier objection lost the steam and hence a new term “Very Bureaucratic” has been raised.
We may recall that the supervisory authorities in the EU Countries who oversee GDPR implementation is led by a single Supervisory authority as if it is a single member board. This leads to many atrocious decisions where as the Indian system has 7 members as full time members with representation from different sections of competence.
The term “Bureaucratic” means that the system is not a Person centric like in EU. If the Indian DPA was like the EU supervisory authority the same critics would have criticised it even more. Perhaps what these critics want is to create a “Mini NASSCOM” within DPA so that the vested business interests are represented in the day to day decision making.
Such a structure would not work since the DPA has to take into account the interests of the individuals as well as the Government besides the business.
The reference to “inclusion of Social media intermediaries” as a point of objection indicates that this set of objections are engineered by the Face Book, Google and Twitter kind of companies who are expected to be held accountable for their activities.
The colonial mindset of the report is indicated by the reference to an EDPB report on Section 35 of the Indian Data Protection law.
We are aware that EDPB expects that all non EU countries surrender their sovereign rights to exercise control over data protection activities within their jurisdiction even if they could hurt the sovereignty and integrity of the country in which the data is processed. It expects the whole world to protect the EU interests and EU to be the conscience keeper of the world as regards Privacy.
The ET report also refers to the “Wide ranging access to personal data sought by the Government, Inclusion of Non Personal Data and absence of a time line of implementation.”
It must be stated that the JPC report has a suggested time line and inclusion of Non Personal Data is only an “Empowerment” which could be relegated to the background. The powers of the Government for national security is not a concern of the IT companies who reportedly have raised the objections unless they want to be the mouth piece anti nationals and support the fake news industry like what some social media has been for some time.
It is unfortunate that NASSCOM and DSCI have let themselves to be projected as the leaders of this campaign to scuttle the law and wants to send another representation to the Government at this stage. NASSCOM and DSCI should appreciate that they are Indian agencies and have to consider the Indian national interest as paramount.
It is ironic that at one time, it was NASSCOM which was pressing for a Data Protection Law in India so that the EU business of Indian companies was not affected and this brought in the 2008 amendments to ITA 2000 which are operative today under Section 43A and 72A. Now the same NASSCOM wants the law to be deferred.
The sections 43A and 72A of ITA 2000 protect both personal data and sensitive personal data and if Adjudication officers exercise their Suo Moto powers under Section 46 of ITA 2000, the regulator for data protection is already available in India along with the CERT-In which is available for handling data breach. Hence the current laws are adequate to cover most of the aspects of Data Protection as envisaged under DPA 2021 and the industry is raising unsustainable objections against DPA 2021 without understanding that it is an improvement over ITA 2000/8.
The Industry under the leadership of NASSCOM is taking a dangerous stance against “National Security” . The long term consequences of such a stance are inimical to the existence of India as a nation. The Board of NASSCOM and DSCI need to rethink on their stance against DPA 2021.
The EU is threatening Indian business that the transfer of business would be affected if India does not surrender its sovereignty in data protection and this is an attempt to treat India as if it is the colony of these EU countries. It was the same argument which was advanced by NASSCOM when it batted for the changes in ITA 2000 which were incorporated in ITA 2008 amendments.
This attempt of EU with the assistance of local supporters has to be resisted. Mr P P Choudhary the Chairman of JPC has already given a fitting reply to their objections and I wish the Government will brush aside the objections of NASSCOM and go ahead with the implementation of the Act as proposed. There is two year time for implementation and the DPAI can take measures to ensure that the industry feels comfortable. The Act can also be amended some time after three years incorporating the experience of its implementation for at least one year. The Government and the DPAI have the flexibility to defer the penalties or chose to impose only nominal penalties in the beginning so that industry can feel smoothly get into the new regime.
I once again reiterate that the Government should show conviction and push the passage of this Bill in the current session ignoring the eternal objections that will never cease.
Naavi