The Indian Data Protection bill 2019 which aims to help consumers exercise their privacy rights needs a proper structural framework else personal data of millions of users in the country will be at stake, leading industry experts said on Monday.
As the world observes Data Privacy Day on January 28, experts and leading industry bodies have already demanded clarification in several areas of ambiguity that exists in the draft Bill.
The Personal Data Protection Bill 2019, which was introduced in Lok Sabha in the winter session last year, has been referred to a Joint Parliamentary Committee (JPC) of both the Houses. The JPC has been constituted under the chairmanship of New Delhi MP Meenakashi Lekhi for examination and report.
“Although the Indian Data Protection bill aims to play an important role in fabricating regulations for governing the increasingly data-driven landscape, without a structural framework data privacy becomes a cause of concern, Lovneesh Chanana, Vice President, Digital Governments (Asia Pacific & Japan), SAP, told IANS.
A report by the Internet and Mobile Association of India (IAMAI) in December said that the bill categorises data as Personal data, Sensitive Personal data and Critical Personal data, but the industry lacks clarity on to which data qualifies under which head and hence is not equipped to take necessary precautions.
“The problem gets aggravated when data collection and processing are done by different agencies, in which case, each fiduciary will have to take consent at every step of the operation,” said the report.
Telecom Minister Ravi Shankar Prasad, while introducing the Personal Data Protection Bill, 2019, in the Lok Sabha on December 11, announced that the draft Bill empowers the government to ask companies including Facebook, Google and others for anonymised personal data and non-personal data.
However, there are concerns around a provision in the draft bill, seeking to allow the use of personal and non-personal data of users in some cases, especially when national security is involved.
Several legal experts have said the provision will give the government unaccounted access to personal data of users in the country.
Ashish Aggarwal, Senior Director and Head, Policy & Advocacy, NASSCOM, however, said the Indian Data Protection bill will be the basis for consumers to exercise their privacy rights.
“The industry will benefit from increased trust by implementing the law diligently. The IT industry has a huge role in using technology solutions to implement the key principles of the law for both the industry and government, in an intuitive and cost effective manner,” Aggarwal told IANS.
There are other concerns from the industry as well.
Shankar Roddam, Chief Operating Officer, Subex said that the Data Protection bill 2019 talks about monetary compositions like penalties for any abuse or failure to comply with guidelines.
“I personally feel that government should consider sanctions that are being monetary compositions like banning certain privileges for subsidies, funding, directorship, etc. This will help ensure privacy and regulate protection for companies,” Roddam noted.
The experts have demanded clarification in several areas of ambiguity that exists in the draft Bill which need to be better clarified for businesses to fully comprehend the extent of adjustments businesses will have to do to comply with them.
According to Srinivasan CR, Chief Digital Officer, Tata Communications, the Data Protection Day should serve as a wakeup call for both consumer and companies on the realities of keeping data safe in 2020.
“While everyone has heard the warnings about keeping personal data safe online, millions of people across the globe are parting with copious amounts of personal data every minute of every day, leaving data traces behind in a literal cookie trail,” said Srinivasan.
“Businesses who do collect data should have a high degree of responsibility for that data – and that, of course, includes culpability when things go wrong,” he added.