The Economic Times daily newspaper is available online now.

    Tech bodies to take Data Bill worries to house committee

    Synopsis

    Industry bodies that represent companies such as Infosys, TCS, Google, Facebook, Paytm and Amazon among others, want ‘clean’ bill so there is no need for another law when technology changes. The issues pertain to inclusion of non-personal data in the Bill and voluntary verification of users by social media companies, amid others.

    data-thnckcThinkStock Photos
    Tech giants will highlight their concerns through written submissions to the Joint Parliamentary Committee over Personal Data Protection (PDP) Bill.
    New Delhi: Top industry bodies representing Indian as well as foreign companies are expected to highlight key issues pertaining to the Personal Data Protection (PDP) Bill before a Joint Parliamentary Committee that is studying the legislation, which was tabled in Parliament late last year.

    The issues pertain to inclusion of non-personal data in the Bill, exemptions that the government has granted for itself, voluntary verification of users by social media companies and weakening of the Data Protection Authority.

    Elevate Your Tech Prowess with High-Value Skill Courses

    Offering CollegeCourseWebsite
    MITMIT Technology Leadership and InnovationVisit
    Indian School of BusinessISB Product ManagementVisit
    IIM KozhikodeIIMK Advanced Data Science For ManagersVisit
    The associations, which represent companies such as Infosys, TCS, Google, Facebook, Paytm and Amazon, to name a few, will highlight their concerns through written submissions within the next one week.

    They are also likely to raise the issue of the high cost of compliance under the provisions of the Bill and the risks to start-ups and the software exports industry.

    The JPC met for the second time on Tuesday, where officials from the Ministry of Electronics and IT briefed its members again. The committee, headed by BJP MP Meenakshi Lekhi, has given stakeholders time till February 25 to submit feedback. It is expected to meet again in the first week of March.

    Although the clauses on data localisation have been relaxed, companies have raised concerns since the government has not defined critical, sensitive and personal data. Critical data will have to be stored only within the country.
    image (47)
    The Bill will require lot of regulatory approvals that may "slow things down" and impose additional costs on companies, said Jay Gullish, Director for Digital Economy, US-India Business Council. The clause on non-personal data may also lead to conflict, he added.

    "Once you have anonymised the data and handed it over, are there any checks and balances in place? What about business models that are based on free information?"

    The industry is looking forward to a "clean" Bill and light touch regulation so that there is no need for another law when technology changes, he said.

    On the data localisation clause, Gullish said there is no clarity on what should be localised, and industry is seeking clarity.
    According to the first draft of the data Bill, one copy of all personal data had to be stored in India.

    However, the PDP 2019 has mandated that while all “critical” information should be stored and processed only in India, all “sensitive personal data” can be processed outside subject to certain conditions, although it will still have to be stored within the country.

    There is no clarity on how the processing of foreign data will be regulated, said Ashish Aggarwal, senior director at IT industry lobby group Nasscom.
    "This can have significant ramifications for the Indian IT-ITeS industry which processes large quantities of foreign data. The provisions around cross-border restrictions or access to such data to the Indian government cannot be applied,” he said.

    The industry will need clear exemptions from such a clause. “Data protection has to focus on increasing trust for foreign data to be processed here,” he added.

    Welcoming the committee’s move to open it up for wider discussion, Aggarwal however added that it should not further delay the Bill.
    "This bill contains many concerning provisions that will undermine, not protect, the privacy of Indians. As such, we welcome the JPC accepting public comments and hope that they will improve the provisions surrounding government exemptions, independence of the data protection authority, forced data transfers and social media user verification provisions, among others,” Udbhav Tiwari, Policy Advisor, Mozilla Corporation told ET.

    Justice BN Srikrishna, one of the main architects of the Bill, told ET recently that new provisions that allow wide exemptions to government agencies could be challenged in court, rendering it constitutionally invalid.

    He said he had written to the parliamentary committee highlighting concerns about the changes.

    The bill mandates all companies to pre-register with the regulator in order to even start a business based on data, said an industry executive.
    “The compliance for collection is so lengthy and expensive that it is likely to thwart innovation; the risk would be too much for startups,” the executive said.

    The Bill also talks about government’s right to access anonymous private data without any due consideration to either IPR laws or a legally defined social good, the executive added.

    Government officials had earlier told ET that government would pay companies for the data that it seeks, and that the data will also be made public to make sure it is not misused.

    Financial data has been classified as sensitive personal data and it requires explicit consent for processing, which may be an issue when it comes to processing such data under contractual obligations or employment related tasks, said Nasscom’s Aggarwal.



    The Economic Times

    Stories you might be interested in