The personal data protection (PDP) Bill, which is tabled in the Rajya Sabha, will have a huge compliance burden on startups, and the impact of these recommendations should be studied by an expert group, according to a report.
The report by the Internet and Mobile Association of India (IAMAI), comes a day after the PDP Bill, 2019 was tabled in the winter session of the Parliament. The recommendations received criticism for leaving the government and its agencies from the purview of the bill.
The other concerns include social media given the same status as publishers, digital certification for hardware devices such as IoT, and structure of data protection authority (DPA).
The report pointed out that the requirement for DPA to consult the Central Government before issuing any approvals or decisions on cross-border data flows will create an incredibly slow and cumbersome process. This would mitigate the autonomy and efficiency of a specialised body such as the DPA, the report said.
There are also concerns around imposing age restrictions of 18 years on certain services, which according to IAMAI will exclude critical demographics from the digital ecosystem. This recommendation also contradicts the other data protection regime that had enabled provisions for 13-18 years.
While the Bill offers recommendations for hardware/device testing, this requires more discussion with the industry as the outcomes of such a mechanism are not clear given that data fiduciary is already legally accountable for complying with the law, the report added.
The Bill is also likely to impinge upon the IP rights of the companies as part of the new requirements on data portability and algorithmic transparency. These objectives can be achieved without compromising on trade secrets, the report said.
According to reports, seven of the 30 members, which were drawn from the ruling and opposition parties, had submitted dissenting notes. Experts and people, who worked on the first version of the Bill, too, have some concerns. Former Supreme Court judge Justice BN Srikrishna, who headed the committee that proposed the first draft in 2018, called out the Bill as Orwellian and said it was loaded in favour of the government.
Experts also pointed out that the Bill has a national interest as the focus instead of individual privacy, the reason why it had come into the picture. The Bill was first proposed in 2018 by the expert committee headed by Justice BN Srikrishna following the Supreme Court judgement that ruled that privacy is a fundamental right.
However, the exemptions offered to the government, and confluence of personal and non-personal data has taken the focus from individual privacy, experts said.
In a recent interview with Moneycontrol, Bharatiya Janata Party MP PP Chaudhary, who headed the 30-member committee, said the proposed law could lay the foundation of a strong digital economy, that the objections to the exemption provision were uncalled for and that the national interest will always override personal interests.
He also clarified that the recommendations the committee submitted will be included as a part of the IT Act, and not under the data protection Bill.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
