Former secretary-steel, government of India and policy analyst, Dr Aruna Sharma on Tuesday said that the Joint Parliamentary Committee has conflated issues by bringing in social media and non-personal data under the ambit of Data Protection Bill 2019 while exempting the government from its purview.
“Under Section 79 of IT Act 2000, there is already a law to regulate social media platforms so there is no space for this provision in the data protection bill,” she said during a panel discussion on the Data Protection Regime on Tuesday.
Dr Sharma also expressed surprise over JPC’s recommendation to regulate hardware manufacturers and create a certification mechanism for all digital and IoT devices.
“There are existing frameworks for testing and certification of hardware. Data protection bill is meant for privacy of individuals so rather than bringing non personal data ,social media platforms and hardware software issued under a single umbrella, the bill should lay more emphasis on the privacy aspect of it.”
She also questioned ambiguity over provision related to cross-border transfer of data underling the pitfalls of localisation restrictions.
“Section 34 of the PDP bill will be allowing transfer of data outside India but under certain conditions. So, who will decide those conditions? Restricting data storage within a geographical boundary would create a lot of problems in terms of portability of data, storage of data and importing anonymised data from outside to India which is the main business in the IT sector. So, if we focus on protection of personal data, a lot of issues that have cropped up due to this mishmash will get sorted out.”
If we look at the EU’s GDPR law, they have also not become very comprehensive. They are also specifically focusing in one particular area and are still evolving.
Dr Sharma pointed out that the Bill gives more emphasis to compliance over security of personal data.
“Non personal data is for analytics so combining it under DPB’s ambit will create a lot of confusion. If you look at the EU’s GDPR law it is still evolving and they have not included non-personal data,” she said.
Dr Sharma also strongly objected to the wide exemptions for the government in the redrafted bill.
“Previously, there was a high level committee that used to decide whether a particular data or communication has to be put under surveillance but now that authority has been delegated to eight to nine departments and that is disturbing. Particularly, the exemptions that the government has accorded itself under Clause 35 will not stand the Court of Law. So, this clause should be removed from the bill,” she said.
