The Print, December 16, 2020
The Joint Parliamentary Committee (JPC) examining the Personal Data Protection Bill, 2019 will not approve the current version of the bill, BJP MP Rajeev Chandrasekhar, has said.
“The fact there is a joint parliamentary committee that is sitting and going through the bill and discussing it and we’ve had almost 52 sittings of the committee, it should tell you that the bill in itself is not something that is working. And that the committee is obviously not going to rubber stamp this bill. It is going to redraw the bill,” Chandrasekhar said Tuesday at the Global Technology Summit 2020 organised by Carnegie India.
Chandrasekhar’s remarks came during a panel discussion on India’s emerging regulations for data and privacy. The other panellists included Facebook’s privacy policy director for legislation Melinda Claybaugh, who was previously with the US Federal Trade Commission; Amazon Web Services’ public policy lead for data in the APAC region, Annabel Lee; and Varad Pande, partner at investment firm Omidyar Network India.
Fundamental right to privacy
The data protection bill aims to protect privacy of citizens without stifling growth of the digital economy which relies on user data for its growth. Chandrasekhar said that witnesses who have deposed before the JPC are concerned that ensuring user privacy will hinder the growth of the digital economy.
“Throughout this process witnesses would come in to the committee and argue as if privacy is a favour that is being done by the state for the citizens,” he said.
He added that the witnesses asked, “are we going to put paid to our dreams of a trillion dollar digital economy if we start granting these rights?
“Excepting for the little fine print, which I tend to remind people in seminars like this, and witnesses who depose in front of us, that the citizens have already been granted that fundamental right to privacy by the Supreme Court. There is no negotiation around that anymore. That is a given.”
The BJP MP also said the Data Protection Bill attempts to balance out protecting fundamental right to privacy, along with allowing “businesses to still grow and have a light touch regulation”, while also addressing state’s right to access data for occasions of “public safety”.
Data Protection Authority
An important part of the data protection bill is the establishment of a data protection authority (DPA) to ensure the law is complied with.
Pande from Omidyar Network India said stakeholders of the data privacy regulations should consider making the concept of consent more effective and simple.
The National Institute of Public Finance and Policy (NIPFP) administered a quiz in 2019 to test how well urban, English speaking college students understand privacy policies of Flipkart, Google, Paytm, Uber, and WhatsApp. The students only scored an average of 5.3 out of 10. The privacy policies were as complex as a Harvard Law Review paper, Pande said.
Facebook’s Claybaugh, however, said that “despite the challenges of communicating with people about privacy, we do take pretty strong measures both in our data policy which is interactive, in relatively easy-to-understand language compared to, kind of, the terms of service we are used to seeing.”
Lee, who earlier worked with Singapore’s Personal Data Protection Commission said challenges of a (DPA) are “manifold”. She said it must be ensured that the DPA is “independent” and is given necessary powers especially when it must regulate the government. The DPA must be staffed with the right people with knowledge of technical and legal issues involved, she added.
Lee also suggested that DPA should be given the power to expedite or reject requests.
Lee shared how Singapore law on data protection had not given power to the DPA to reject requests. This meant the DPA had to spend resources even on “frivolous” requests. Lee mentioned one such “frivolous dispute” involving 50 pages worth of WhatsApp messages and an individual trying to “get back at their florist” for saying “mean things”.
This news can also be viewed at: