Tag: Personal Data Protection Bill

  • JPC members oppose proposal to reduce penalty amount in data protection bill

    By PTI

    NEW DELHI: Several members of a parliamentary panel examining the data protection bill have vehemently opposed a proposal to reduce the penalty amount to several crores from a fixed percentage of the global income of big tech firms found violating the privacy norms, sources said on Saturday.

    The Joint Committee of Parliament on Personal Data Protection Bill, chaired by BJP MP PP Chaudhary, met here on Friday to adopt a draft report on the bill but could not do so as some more amendments have been suggested to the proposed legislation, they said.

    The sources said the committee will meet again on November 22 to adopt a draft report on the bill, as several members including BJD MPs Bhartruhari Mahtab, Amar Pattnaik along with Congress MPs Manish Tewari and Jairam Ramesh opposed the proposal to reduce the penalty amount.

    According to the bill, processing or transferring personal data in violation of the norms, is punishable with a fine of Rs 15 crore or 4 per cent of the annual turnover of the fiduciary, whichever is higher.

    Similarly, failure to conduct a data audit, is punishable with a fine of Rs 5 crore or 2 per cent of the annual turnover of the fiduciary, whichever is higher.

    In the meeting, a proposal was made that the fine amount be limited to several crores on those tech firms which are found violating the privacy norms under this bill.

    The proposal suggested that the annual turnover option be not considered. In the next meeting to be held this month, the final draft will be shared, they said.

    When contacted, BJD MP Amar Pattnaik did not say anything about the penalty clause but emphasised on the need for a state-level regulator on the lines of central data authority proposed in the bill.

    It would be very difficult for the Central Data Protection Authority to address all complaints including those from the district level, without proposing District Data Protection Authority, this bill violates the federal structure, he told PTI.

    Pattnaik said as MPs, members of the committee want the bill which will ensure full privacy and safety to the citizens.

    He also added that the bill has many similarities with the European Union’s data privacy law — General Data Protection Regulation (GDPR).

    Central Data Protection Authority would be overwhelmed with the entire operation of the act if starts receiving complaints and settling disputes from remote areas and villages of the country.

    The joint committee has held wide discussions on the bill with various stakeholders, including social media giants like Twitter and Facebook, e-commerce players and telecos.

    The draft of the bill, approved by the Cabinet in December 2019, proposes to put restrictions on the use of personal data without the explicit consent of citizens.

    It was introduced in the Lok Sabha in February last year. Later, it was referred to the Joint Committee of Parliament then headed by BJP MP Meenakshi Lekhi.

    It was drafted following a Supreme Court judgement in August 2017 that declared ‘Right to Privacy’ a fundamental right.

    The need for a strong personal data protection regime was further highlighted by the apex court in its judgement in September 2018 in which it held Aadhaar as a constitutionally valid scheme but struck down some provisions in the Aadhaar Act.

  • Personal Data Protection Bill may be tabled in Parliament in 1st week of winter session: Source

    The draft of the bill, approved by the Cabinet in December 2019, proposes to put restrictions on the use of personal data without the explicit consent of citizens.

  • Parliamentary panel examining Personal Data Protection Bill recommends 89 changes: Meenakshi Lekhi

    By PTI
    NEW DELHI: A parliamentary committee examining the Personal Data Protection Bill has recommended 89 amendments to the proposed legislation, including changing its title and schedule, the panel’s chairperson Meenakshi Lekhi said on Wednesday.

    The draft of the bill, approved by the Cabinet in December 2019, proposes to put restriction on use of personal data without explicit consent of citizens.

    Proposing a penalty of up to Rs 15 crore and up to three-year jail term for company executives for violating privacy norms, the bill was introduced in the Lok Sabha in February last year.

    Later, it was referred to the Joint Committee of Parliament headed by BJP MP Lekhi.

    “The process of writing the report on the bill has begun. Eighty-nine amendments have been suggested by the panel, including changing its title and schedule,” Lekhi told PTI.

    The bill was drafted following a Supreme Court judgement in August 2017 that declared ‘Right to Privacy’ a fundamental right.

    The need for a strong personal data protection regime was further highlighted by the apex court in its judgement in September 2018 in which it held Aadhaar as a constitutionally valid scheme but struck down some provisions in the Aadhaar Act.

    According to the provisions of the bill, all Internet companies will have to mandatorily store critical data of individuals within the country.

    However, they can transfer sensitive data overseas after explicit consent of the data owner to process it only for purposes permissible under the proposed legislation.

    Critical data will be defined by the government from time to time.

    Data related to health, religious or political orientation, biometrics, genetic, sexual orientation, health, financial and others have been identified as sensitive data.

    A company’s executive in-charge of conduct of the data business would face a jail term of up to three years if found guilty of knowingly matching anonymous data with publicly available information to find out the identity of an individual, called as ‘re-identify de-identified data’ in technical parlance, under the proposed law.

    Social media companies will be required to come up with a mechanism to identify users on their platform who are willing to be identified on a voluntary basis.

    It will be voluntary for individuals if they want to get verified or not.

    The bill had provisions to grant the right to be forgotten to data owners as well as the right to erase, correct and porting of data.