The JPC Bill gives a lot of leeway to the government. To exempt its agencies from data protection provisions
It has been more than three years since a draft bill on personal data protection was drafted by the Justice Srikrishna committee of experts and presented to the Ministry of Electronics and Information Technology in 2018. Two years after a joint parliamentary committee was set up to investigate another. The version – Personal Data Protection Bill (PDPB), 2019 – was finally adopted by it on Monday. But as dissenting notes submitted by some panel members of the opposition point out, the draft falls short of the standards set by the Justice Srikrishna Committee for building a legal framework based on the landmark judgment, Justice KS Puttaswamy v Union of India, on privacy. The main difference from the Justice Srikrishna Committee draft bill is in the selection of the chairperson and members of the Data Protection Authority (DPA) that will protect the interests of data principals and provided for the central government to exempt its agencies from application. of the act. While the 2018 draft bill allows for judicial oversight, the 2019 bill relies entirely on members of the executive government in the selection process for DPAs. Unlike the 2018 bill, which gave state institutions the freedom to obtain informed consent from data principals or process data only in case of matters relating to the “security of the state” and also asked to provide a law . For “parliamentary oversight and judicial approval of non-consensual access to personal data”, the 2019 bill adds “public order” as a reason to exempt an agency of government from the Act, except that only those reasons are in writing. Provides for entering the form. ,
As JPC member of Rajya Sabha, Congress’s Jairam Ramesh rightly noted in his dissent note, “the government must always adhere to the requirement of the Bill for proper and proper processing and implementation of necessary safeguards”, whose A waiver is required in writing. must be introduced at least in both the Houses of Parliament; But JPC did not accept it. His note also points to the dangers of exemptions based on the “public order” as it is susceptible to abuse and is not limited to the “protection of the state”, recognized by other data regulations such as Europe’s General Data Protection Regulation. Is. Viable reason for exemption. In October 2021, the Global Privacy Assembly, consisting of privacy commissioners from more than 19 countries in the European Union, Japan and the UK, presented a clear resolution on the principles of government access to personal data. In its resolution, the assembly called for a set of principles on a legal basis, the need for clear and precise rules, proportionality and transparency, data subject rights, independent oversight, and effective treatment and redress of affected persons. As the adoption of the draft bill by the JPC and the dissenting notes attached to it suggest, it falls short of the standards protecting the privacy rights of individuals against widespread abuse by the state. Now it is the job of Parliament to tighten the provisions and bring them in line with the 2018 Bill.
,