India wants to protect your data. Do you have to worry? | Business and Economic News

He had India Enter a personal data protection bill in December 2019 said it would create a data protection authority for people to protect personal data and work.

At the time, there were some initial concerns about it, including a rise in the cost of doing business, as well as a return to a clause that allowed the government to ask its company, anonymously, to request policy planning. they were well known.

Shortly afterwards, the bill was sent to a joint parliamentary committee with members from across the political spectrum to review its proposals and suggest any changes based on concerns raised by stakeholders, including government agencies, businesses, activists and data security. experts, among others.

The committee, after many delays, presented its report to parliament in mid-December with suggestions on how to shape the bill, and lines of struggle have already been drawn.

What is the biggest change proposed by the committee?

Of the 56 proposed amendments, probably the most significant change to the bill is the proposal to include non-personal data in addition to personal data, significantly expanding the scope of the bill and, consequently, changing its name to the Data Protection Bill. 2021.

The invoice includes half a dozen categories to define personal data, including a person’s name, cell phone number, biometrics, anything to identify a person. In addition to the fact that a person cannot be identified, it is treated as non-personal data.

In the technology-dependent world we live in, there is no shortage of non-personal data generated every day, from individual Google searches to Google map directions to the number of users a traveler retrieves. of an application in an area, or the number of people traveling from two destinations.

This is the first time that any country has tried to cover this information under the law, Salman Waris, a partner at TechLegis Advocates & Solicitors in New Delhi, told Al Jazeera. Companies that capitalize on this data could have a “significant impact” because the use of that data could be regulated, Waris says, and that provision could be challenged.

In other words, the government wants to treat non-personal data as a community resource, a way to make money as a license to use that data, similar to the telecommunications spectrum, Waris added.

What are some other areas of concern?

The Commission has given the government broader powers to exempt its agencies from rules such as national security, public order, Indian sovereignty and integrity, and friendly relations with foreign states, among other reasons.

General Exemption Taken “fist away from the law, ”says Waris,“ turning the private sector into a two-parallel regime. ”

This also goes against the right of privacy of Indian citizens, a fundamental right that arose as a result of a 2016 ruling by the country’s high court, Waris warned.

The bill adds that although companies must report regulatory breaches of data breaches, they are not obligated to share this information with the person who breached the data. Businesses are reluctant to accept the weaknesses of their system and are reluctant to volunteer. So, “how to fix the user, whose data may be leaked [she] he has no idea what happened, ”says Waris, saying the whole exercise is“ contradictory ”.

The bill also targets social media platforms and proposes to appoint them as “publishers” instead of intermediaries. As a publisher, a platform will be responsible for all content published on it and will be exempt from the secure protection of intermediaries, according to which they are not responsible for the content published by users. The move could have a serious impact on freedom of expression, as it could encourage social media platforms like Facebook and Twitter to actively censor content to prevent legal problems, experts warned.

Did they come up with something out of the ordinary?

The amended bill introduces an expiration clause stating that the new rules will be signed and implemented within two years of the new rules, giving companies enough time to prepare for the forthcoming changes, a useful change that should have been immediately applied. gaining approval.

The bill also states that the data of minors under the age of 18 may only be processed in certain circumstances and with the parental consent. Not all stakeholders are happy with the commission’s adherence to this rule, which is very different from the United States, where parental consent is required for those under 13 years of age.

In addition, India, thanks to the information technology services sector and call centers, is finally planning a data center and finally planning a data protection bill. It will help the country get the seal of a “secure data” nation from the European Union by reducing compliance measures for Indian companies doing business in EU nations, Waris says.

What are the next steps?

The Data Protection Bill may be approved or amended by the Ministry of Electronics and Information Technology and may be submitted to Parliament. It must be approved by both houses before it becomes law. But given that the ruling Bharatiya Janata Party has a majority in both chambers, it is not expected to be a problem. That is, even though some members of the opposition were on the committee who issued so-called opposing notes to some or all of the bills.

That said, it is only a matter of time before we see some of the challenges against the bill, which will determine when the final rules come into force.