In old draft, JPC proposed to back some safeguards
THE JPC HAS BEEN LOOKING INTO THE DRAFT LAW SINCE 2019 AND WAS GIVEN SEVERAL DEADLINE EXTENSIONS
NEW DELHI: The draft report of the joint parliamentary committee (JPC) on the data protection bill, drawn up when it was headed by Bharatiya Janata Party (BJP) MP Meenakshi Lekhi, was finally circulated last week among the members of the panel as a summary of proceedings, people aware of the matter said.
The report was in penultimate stages and some of its key suggestions -- while still under discussion -- may likely be retained in the report that will now be drawn up under the new chairperson, BJP’S PP Chaudhary, the people said on condition of anonymity.
The JPC has been looking into the draft law since 2019 and has been given several deadline extensions -- the latest being due to a change in several members, including the chairperson, after Lekhi was inducted as a minister. The report drafted at the time was yet to be circulated for final inputs by members despite their demands.
As per the summary now shared, the report proposed to treat social media platforms as publishers -- a move that would make them liable for content posted by users -- and to add back the condition of “just, fair, reasonable and proportionate” in Section 35, which deals with exemptions that the government can claim in accessing personal data, one of the people cited above said.
This was of particular concern because the bill cleared by the government allowed for the government to claim an exemption as long as it felt it was “necessary or expedient” to do so in a particular set of circumstances, such as those relating to national security.
The test of “just, fair, reasonable and proportionate” was part of the first version of the law, which was presented as the recommendation of the Srikrishna Committee.
The summary, the people cited above said, also proposed to refer the 2019 Bill as the data protection bill, 2021 and that it be applied irrespective of any other law governing contractual relations between a data fiduciary and a data principal in so far as they relate to the contours of the bill.
It will supersede other laws, including the information technology act and even the telegraph act, experts said, if the recommendations are accepted and included in the final legislation.
The summary report also says the Information Technology Act was unable to manage social media intermediaries, and that “the Act had not been able to regulate social media platforms adequately because the Act has not been able to keep at pace with the changing nature of the social media ecosystem”.
The Personal Data Protection Bill, 2019 has general provisions regarding social media platforms and intermediaries and the committee felt the need to immediately regulate such platforms.
The person mentioned above said the “designated intermediaries are working as publishers of the content, owing to the fact that they have the ability to select the receiver of content and also exercise control over the access to any such content hosted by them, therefore, a mechanism must be devised for their regulation”.
Many of these are part of changes being considered by the JPC, which is studying the personal data protection bill, sent to it for further deliberation after parliamentarians objected to the version introduced in Parliament in 2019, the officials said.
The final report of the JPC is yet to be tabled in Parliament and the committee has now sought until the winter session to submit its report. To be sure, the central government will decide the final shape of the bill that will be presented to Parliament for legislation.
As far as the ability of the government to seek exemptions, the committee said section 35 of the Act should include the test for “just, fair, reasonable and proportionate procedure” to curb any misuse. Any requests to override protections to personal data would require the government meet the tests of necessity, proportionality and legitimate state action as laid down in the Puttuswamy judgment, the summary added.
A proposal to allow data principals to choose how their data will be handled after their death was also included, the person mentioned above said.
Asked if the IT Act had failed to regulate intermediaries, Supreme Court lawyer NS Nappinai said it was a possibility. “But for this, the IT Act has to be reviewed for amendments. Buttressing shortfalls in IT Act through a data protection law may not be the solution,” she said.
Nappinai added that the proposed Section 35 has drawn the most flak.
“Sometimes I feel that many other important concerns get overlooked due to the focus on this provision. The PDP 2018 had a similar provision but exemptions were only permissible through parliament enacted law. Even that was considered a dilution. That any executive act or procedure has to be “just fair reasonable or proportionate” is a sine qua non (it is obvious),” she said. “If that is an addition being proposed, it does not really protect against misuse, but merely reiterates the obvious.”
Nappinai highlighted that the clubbing of personal and nonpersonal data is untenable. “Assuming that PDP and NPD have now been possibly compressed into a single enactment, the same is not entirely unwelcome but to do so as in Sec. 91 of PDP 2019 is completely unsustainable. If the errors of that provision have been carried over, the same is likely to be afflicted with the malaise of excessive delegation of parliamentary powers to government authorities,” she said.