Context: Joint Parliamentary Committee (JPC) on the Personal Data Protection (PDP) Bill, 2019 has submitted its report in the Parliament.
What are the key recommendations?
-
Inclusion of non-personal data: It proposed to include non-personal data along with personal data and also that Data Protection Authority (DPA) should handle this. Any further policy/legal framework on non-personal data in the future should be made part of this legislation and not separate legislation.
-
Data collection by electronic hardware: Hardware manufacturers that collect data through digital devices are not under scrutiny in the earlier legislation. JPC suggested incorporating new clauses and allowing DPA to frame regulations towards data handling by hardware manufacturers and related entities.
-
Stricter regulations for social media platforms: JPC recommended that all social media platforms, which did not act as intermediaries, should be treated as publishers and be held accountable for the content they host. It also recommended setting up a statutory media regulatory for the regulation of content on such platforms.
-
Definition: JPC recommended that the definition of harm should also include psychological manipulation which impairs the autonomy of a person.
What are the controversies surrounding the Personal Data Protection Bill?
-
Under the bill Clause 35, it allowed exemption to any agency under the Union Government in the name of “public order”, “sovereignty”, “friendly relations with foreign states” and “security of the state” from all or any provisions of the law.
-
Many members argued for removing public order as a ground for an exception given under clause 35. This would create two parallel universes where the private sector is strictly regulated, and the government sector has a lot of exemptions.