The Internet and Mobile Association of India (IAMAI), on Friday, said based on their on-going evaluation of the Joint Parliamentary Committee (JPC) report on Personal Data Protection (PDP), it seems that the draft that was put out in 2019 after widest possible consultations has changed fundamentally, including the title of the Bill from Personal Data Protection Bill to Data Protection Bill.
The industry body raised concerns over age restriction of 18 years on certain services that will exclude an important demographic from the digital ecosystem, and will contradict most data regimes that create enabling provisions for 13-18 years.
“In addition, the inclusion of ‘psychological manipulations which impairs the autonomy of any individual’ (without sufficient understanding of what this would entail) under the meaning of ‘harm’ creates immense room for inaccurate interpretations of the law,” IAMAI said in a statement.
According to IAMAI, the report currently encompasses non-personal data within the personal data protection Bill which it said is “contrary to the recommendations of the expert committee appointed by MEITY to develop a framework for non-personal data governance.”
It added, “The requirement on DPA (Data Protection Authority) to consult the Central Government before issuing any approvals or decisions on cross-border data flows would create an incredibly slow and cumbersome process for decisions and would mitigate the autonomy and efficiency of a specialised body such as the DPA.”
Compliance burden
The industry body believes that the recommendations might bring higher compliance costs on start-ups, and suggested that an expert group should be set up to study the impact of these recommendations on start-ups.
“IAMAI is confident that the government will continue the transparent and consultative ethos under which the earlier draft Bill was developed and urged further deliberations on the report,” the industry body said.
Certain provisions in the report such as the new requirement for hardware/device testing need to be discussed with the industry as the outcomes of such a mechanism are not clear given that data fiduciary is already legally accountable for complying with the law, it added.
“The Bill will impinge upon the IP rights of the companies as part of the new requirements on data portability and algorithmic transparency. These objectives can be achieved without compromising on trade secrets,” IAMAI said.