India had it explained The Protection of Personal Information Bill in December 2019 to protect personal information and said it would establish a data protection agency to carry out this task.
At the time, some of the first rounds of corruption – including rising business costs and pushing back to the sector that empowers the government to ask the company to provide information, anonymously, to prepare plans – were well publicized.
Shortly afterwards, the bill was sent to a joint parliamentary committee, with members from all walks of life, to review their demands, and to reflect on any changes based on the concerns of various people, including government agencies, businesses, activists and data security. experts, among others.
The committee, after a delay, submitted its report to parliament in mid-December with ideas on how to amend the bill, and war lines had already been drawn up.
What major changes have the committee made?
Among the 56 amendments mentioned, perhaps the biggest change in the bill is the idea of incorporating non-personal in addition to the personal, increasing the bill significantly, and consequently, changing its name to a Data Protection Bill, 2021.
The bill lists at least 12 sections to describe personal information including a person’s name, phone number, biometrics – anything that can identify a person. Any information other than this that would not identify the person is considered personal information.
In the world of technology we live in, there is no shortage of non-personally identifiable data that is generated every minute of every day, from Google search results to Google maps where one draws to the number of users. about the program in the area, or the number of people moving between the two sections.
This is the first time that a national parliament has tried to publish such information in accordance with the law, Salman Waris, a colleague at TechLegis Advocates & Solicitors in New Delhi, tells Al Jazeera. It could pose a “significant risk” to businesses that make a lot of money from the use of these devices that could be controlled, says Waris, and should challenge this.
In other words, the government wants to treat non-private assets as a public source that can generate revenue as a license to use data, like the telecom spectrum, Waris adds.
What are some areas of concern?
The committee has given the government a lot of power to remove its institutions from the law for a number of reasons such as national security, stability, sovereignty and loyalty to India, as well as good relations with foreign countries, among others.
The blanket forgiveness is over “punch away from the rules, “says Waris, turning them into” a law governing regional agencies, creating two identical governments “.
This is also in line with the Indian citizens’ right to privacy, a fundamental right that came after the 2016 ruling by the country’s Supreme Court, warns Waris.
The bill adds that while companies must notify the controller of any data breach, they will not be obliged to share the information with the person who violated the data. Companies do not want to admit weaknesses in their system and cannot be counted on to provide that information. Then “the user, whose data was downloaded, should fix such [she] they do not know that it has happened, ”says Waris, referring to all the incidents as” contradictory. “
The bill also looks at social media platforms and suggests that they nominate them as “publishers” instead of intermediaries. As a publisher, the platform will respond to all that is published there and will not be protected from the port security that agents have which they do not have a reason for their use. The move could have serious repercussions for free speech as it could encourage social networking sites such as Facebook and Twitter to quickly monitor content to avoid legal issues, experts warn.
Did he find anything good?
The amended bill set the stage for sunset when the new rules would be in place two years after the document was signed into law, giving companies more time to prepare for the upcoming changes, making significant changes from when the rules were to be implemented soon after. to receive permission.
The bill also states that most children – under the age of 18 – may be subject to change from time to time with the consent of the parents. Not all stakeholders are happy with the law enforcement committee, which is very different from the United States where parental consent is required for those under the age of 13 only.
In addition, for India, the data center due to its information technology and call center, is finally finalizing a data protection bill which is a big and important part. It will help the country get a stamp of being a “protected” country from the European Union, reducing the pressure on Indian companies doing business in EU countries, says Waris.
What are the next steps?
The Data Protection Bill may be adopted as it stands or amended by the Ministry of Energy and Information Technology, which will submit it to Parliament. It will have to be provided by both houses before it becomes law. But since the ruling Bharatiya Janata Party is prevalent in both houses, it is not expected to be a problem. This even though some of the opposition parties who were on the committee have released what they say are anti-factions or, in some cases, the whole bill.
That said, it is only a matter of time before we look at some of the legal issues in the bill, and this will determine when the final rules come into effect.