November 22, 2022
Good morning. In today’s either/view, we decode the Digital Personal Data Protection Bill 2022. We also look at the ‘Doctors on bikes’ initiative in Bihar, among other news.
📰 FEATURE STORY
The Digital Personal Data Protection Bill 2022 – A Step In The Right Direction?
After the backlash it received earlier, the Indian government released a revised draft of the new data privacy bill, the Digital Personal Data Protection Bill 2022, as a replacement for the Personal Data Protection Bill withdrawn in August. The proposed bill elicited mixed reactions from various stakeholders.
The draft bill has been made available for public comment as the government is expected to introduce the bill in Parliament in the upcoming budget session. After many attempts, is this draft a hit or a miss?
Context
This is the fourth iteration of a data protection bill in India and is open for public consultation till December 17. The Justice Srikrishna Committee, tasked by the Ministry of Electronics and Information Technology (MeitY) with drafting a data protection law for India, came up with the first iteration of the legislation, the Personal Data Protection Bill, 2018. In 2019, the government amended this draft and presented it to the Lok Sabha as the Personal Data Protection Bill, 2019 (PDP Bill, 2019).
A move to send the PDP Bill, 2019, to a joint committee of both Houses of Parliament was approved by the Lok Sabha on the same day. The Joint Committee on the PDP Bill, 2019 (JPC) issued its findings on the Bill after two years, in December 2021, as a result of pandemic delays. The Data Protection Bill, 2021, a new draft bill that included the JPC’s suggestions, was submitted along with the report. But in August 2022, the government withdrew the PDP Bill, citing the JPC’s report and the “extensive changes” the JPC had made to the 2019 Bill.
According to officials of the Ministry of Electronics and IT (MeitY), the latest draft achieves a delicate balance, takes into account lessons from other countries’ policies, and adheres to the Supreme Court’s decision that privacy is a fundamental right subject to reasonable limitations. The legislation has been revised to include hefty penalties for non-compliance. However, these penalties are capped and have no relation to the turnover of the offending entity. Along with a provision for simpler startup compliance standards, it also has relaxed regulations on international data flows that may provide relief for big tech companies.
Every digital processing of personal data is subject to the DPDP Bill, 2022. This would cover both personal data gathered online and offline that has been converted to digital form for processing. In practice, this offers a slightly lower degree of protection because it is entirely inapplicable to data processed manually, as opposed to earlier drafts that only specified excluded data handled manually by “small entities” and not generally.
VIEW: Step in the right direction
The Digital Data Protection Bill 2022 is a step in the right direction, according to Kazim Rizvi, founder of the tech policy think tank The Dialogue. He noted that it has significantly narrowed the scope of the bill by removing provisions related to non-personal data, social media intermediaries, and hardware like IoT (Internet of Things) and others. Additionally, the proposed data protection scheme has been made simpler in the draft Bill, and some problematic provisions that the sector objected to in earlier iterations have been removed. Particularly, compared to the prior Bill, it appears that data mirroring, data localization requirements, and overall compliances are limited.
A user has the right to know exactly what data is being gathered, how it is managed, and how it is also processed, according to the Digital Personal Data Protection Bill 2022. Only the specific use for which the data were acquired by the company is permitted. Additionally, they cannot, by design, store the data indefinitely. When businesses no longer need to keep the data, it must be erased.
For the purpose of monitoring adherence to the proposed law, the government will create a “Data Protection Board.” The Board has the authority to impose financial penalties for noncompliance. The draft proposal stated that failure to implement acceptable security measures to avoid data breaches could result in fines of up to 2.5 billion rupees ($30.6 million).
COUNTERVIEW: Not up to the mark
The main issues raised by experts include reduced independence of the proposed Data Protection Board and broad exemptions granted to the Centre and its agencies with little to no safeguards. The fact that the new Bill comprises only 30 provisions as opposed to the more than 90 in the previous one is also noteworthy, primarily because many operational specifics have been delegated to subsequent rule-making.
The Data Protection Board’s chairman and members will be appointed by the central government, according to the draft law. The Data Protection Board is currently a central government-established board, whereas it was previously intended to be a legislative authority (under the 2019 Bill). The government is still able to influence the board’s composition, terms of service, etc.
Sadly, the proposed Data Protection Bill’s point 30[2] on page 30 calls for a detrimental amendment to the RTI Act. It states that any information relating to an individual may be withheld. It effectively enables public information officers to use the Right to Information Act as a Right to Deny. It turns out that the majority of the data that applicants want is personal. The RTI Act, which effectively distributes power to the people, has made those in positions of power uncomfortable, and this proposed amendment is the most recent attempt to weaken it.
Reference Links:
- ‘Step in right direction, toothless Board’ — draft data protection bill elicits mixed response – The Print
- What India’s draft digital privacy law says — and how it compares with data protection laws elsewhere – The Indian Express
- A first look at the new data protection Bill – The Hindu
- Digital Personal Data Protection Bill skirts key issues – The Telegraph
- Protecting Data – The Tribune
- How the proposed Data Protection Bill will undermine India’s Right to Information – Scroll
- Digital Personal Data Protection Bill 2022: 8 biggest features of the bill – Times of India
What is your opinion on this?
(Only subscribers can participate in polls)
a) The new data protection bill is a step in the right direction.
b) The new data protection bill is not up to the mark.
🕵️ BEYOND ECHO CHAMBERS
For the Right:
How RSS’s intrinsic authoritarianism, casteism are laid bare by Devanura Mahadeva
For the Left:
Modi’s Tamil-Varanasi outreach is BJP’s ‘Look South’ strategy. Fort DMK better watch out
🇮🇳 STATE OF THE STATES
Stubble management (Punjab) – Punjab’s poor stubble management may be due to its poor underutilisation of crop residue management machines owned by the state cooperative societies. A report by the Punjab Remote Sensing Centre (PRSC) showed utilisation of the machines was between 2 and 29 hours across the state during this paddy harvesting season. Experts said these machines should run at least 200-250 hours in a season.
Why it matters: There are more than 2,900 targeted societies across the state with these relevant machines, which are tractor-mounted. Till last year, they owned more than 15,000. The PRSC report stated one of the machines, the Happy Seeder, was used for just 2 hours this season. Some of these machines can be used on the land of small and marginal farmers to stop stubble burning.
Paddy procurement system (Andhra Pradesh) – Minister for Civil Supplies Karumuri Venkata Nageswara Rao asked officials to plan for a smooth paddy procurement process. He also warned millers against procuring paddy from farmers. A new procurement system will be implemented to ensure farmers get a minimum support price (MSP). He said they’ll be paid in 21 days from the date of procurement.
Why it matters: Paddy procurement began on November 1 for this Kharif season. Crops registered in the e-crop system will only be procured. Some farmers feared that there could be a shortage of gunnysacks and delays in payment. The state government also announced they’ll bear the transportation and loading charges for paddy procurement.
Doctors on bikes (Bihar) – For the people living in rural and remote areas of the state, access to quality healthcare has always been challenging. A new startup, Doctors on Bikes, launched under the state’s Startup Bihar initiative, will allow patients to book an appointment. People can connect to specialists and high-level diagnostic centres and avail of teleconsultation services.
Why it matters: Recently, the Bihar Industries Department extended financial support to 31 startups, including some in the healthcare sector. The goal is to extend quality healthcare to people with remote access. Another company from Nasariganj in Rohtas district launched a digital primary healthcare mobile option.
IFFI turns 18 (Goa) – The 53rd International Film Festival of India (IFFI) had its grand opening at Taleigao. Union Minister Anurag Thakur said he wants to make India a sought-after destination for film shoots and post-production work. To help promote cinema in the state, Chief Minister Pramod Sawant said a new convention centre and multiplex will be ready for IFFI by 2025. This year, there’s a special master class for the Goan film fraternity.
Why it matters: IFFI began in 2004 in Goa and was then made the festival’s permanent venue. Several Goan filmmakers have had their films selected for this year’s event. Young storytellers in the state have started making films for OTT platforms. Apurva Chandra, Secretary Ministry of I&B, said IFFI is a platform for the Indian film industry.
e-ILP portal for tourists (Arunachal Pradesh) – The state has launched the e-Inner Line Permit for tourists. It allows for a smoother and more convenient entry into the state. The new portal, developed by the state’s IT department, will be exclusively for tourists. There’ll be no waiting period, and the application and approval process will be simplified. ID card-based registration with OTP and QR-based issued ILP will be verified by police personnel.
Why it matters: The state comes under the Inner Permit Regime protected under the Bengal Eastern Frontier Regulation, 1873. Hence, tourists are mandated to have an ILP to visit the state. To help expand the state’s tourism sector, the new portal will hopefully increase the number of tourists to the state and ensure their faster movement.
🔢 KEY NUMBER
$3 billion – According to a company filing, the crypto exchange FTX and its linked companies owe more than $3 billion to its 50 largest creditors. The company’s total liabilities are expected to be more than $10 billion.