JPC Report on the PDP Bill


    In News


    • The PDP Bill was first brought to the Parliament in 2019 and was referred to the JPC for examination at the time.
    • The Bill was drafted after a Supreme Court ruling that declared ‘Right to Privacy’ a fundamental right in August 2017, Puttaswamy judgment.

    Major Highlights

    • Controversial exemption clause: It allows the Government to keep any of its agencies outside the purview of the law. The committee has retained Clause 35 with minor changes.
    • Clause 35: In the name of “public order”, ‘sovereignty’, “friendly relations with foreign states” and “security of the state” allows any agency under the Union Government exemption from all or any provisions of the law.
      • Critics say that “public order” should be removed as a ground for exemption.
      • They had also pressed for “judicial or parliamentary oversight” for granting such exemptions.
      • The members had also suggested that “there should be an order in writing with reasons for exempting a certain agency from the ambit of the Bill.
      • Clause 35 is open to misuse since it gives unqualified powers to the Government.
    • Rationale behind the retention of this clause: The report notes that this clause is for “certain legitimate purposes” and also said there is precedent in the form of the reasonable restrictions imposed upon the liberty of an individual, as guaranteed under Article 19 of the Constitution and the Puttaswamy judgment.
      • A secure nation alone provides the atmosphere which ensures personal liberty and privacy of an individual.
    • Bill creates two parallel universes: One for the private sector where it would apply with full rigour and
      • One for the Government where it is riddled with exemption, carve outs and escape clauses.
    • Stricter regulations for social media platforms: It has recommended that all social media platforms, which do not act as intermediaries, should be treated as publishers and be held accountable for the content they host, and should be held responsible for the content from unverified accounts on their platforms.
      • It has said no social media platform should be allowed to operate unless the parent company handling the technology sets up an office in India.
      • A statutory media regulatory authority, on the lines of the Press Council of India, may be set up for the regulation of the contents on all such platforms irrespective of the platform where their content is published, whether online, print or otherwise.
    • Policy on data localisation: Some of the other recommendations of the committee include development of an alternative indigenous financial system for cross-border payments on the lines of Ripple (U.S.) and INSTEX (E.U.).
      • The Central Government, in consultation with all the sectoral regulators, must prepare and pronounce an extensive policy on data localisation.
    • No provision to keep a check on collection of data by hardware manufacturers: There is a threat of data leak through hardware which is a serious concern.
      • It has recommended that the Government should make efforts to establish a mechanism for the formal certification process for all digital and IoT devices that will ensure the integrity of all such devices with respect to data security.

    Personal Data Protection (PDP) Bill 2019 

    • The genesis of this Bill lies in the report prepared by a Committee of Experts headed by Justice B.N. Srikrishna
    • Key Features:
      • Categorisation of Data: Constitute 3 types of user data: Sensitive, Critical and General.
      • Concept of Data Principle: Gives data principle right over his/her personal data & how it can be utilised.
      • Right to Forgotten: This allows an individual to remove consent for data collection and disclosure.
      • Exemptions: Government is qualified to obtain the data for research or on national security concerns.
      • The setting of Independent Regulator: Data protection Authority (DPA) to safeguard the interest and check misuse of data.
      • Data Protection Officer (DPO): Each company will have a DPO in which to work in liaison with the Data Protection Authority (DPA).
      • User Verification Mechanism: Social media companies need to develop UVM based on the severity of data.
      • Data Localisation Norms: Non-personal data can be stored and processed outside but personal data within the Indian Territory.

    Puttaswamy v. Union of India

    • It is a landmark decision of the Supreme Court of India, which holds that the right to privacy is protected as a fundamental right under Articles 14, 19 and 21 of the Constitution of India.
    • It held that “the right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution.
    • It explicitly overrules previous judgements of the Supreme Court in Kharak Singh vs State of UP and M.P Sharma vs. Union of India, which held that there is no fundamental right to privacy under the Indian Constitution.

    Source: TH