Parliamentary standing committee on communications and information technology (IT) in a report on “Citizens’ Data Security and Privacy”, presented to both the Houses on Tuesday, has examined and shared recommendations on the draft Digital Personal Data Protection (DPDP) Bill, 2023, amidst objection from opposition members that the panel does not have jurisdiction to look into the legislation unless it’s presented before the parliament.
businessline had reported ahead of tabling of the report that the committee has cautioned the government to create a mechanism to check misuse of extraordinary powers vested in the State for processing personal data without consent of people in certain instances, including for national security purposes and offering social services.
Sources said the committee has been deliberating on the larger topic “Citizens’ Data Security and Privacy” since 2018 even at the time when the committee was chaired by Congress MP Shashi Tharoor. Opposition members have participated in the proceedings. The Opposition MPs, however, walked out of the proceedings at the time of adoption of the report last week. While some in the committee say that their focus has been on the larger issue of citizens’ data security and privacy and not on the DPDP, which is yet to be tabled, some of the Opposition MPs have said that the committee breached parliamentary protocol by giving a report that concerns the DPDP. In fact, CPI(M) MP John Brittas wrote to both Lok Sabha Speaker and Rajya Sabha chairman opposing tabling of panel report on the grounds that it was beyond its remit.
Responding to Brittas, Minister of State for Electronics and IT Rajeev Chandrasekhar said, “This is misinformation and completely wrong” as no legislation including DPDP can be referred to any committee unless it is done so by Parliament. The “DPDP has not been introduced into parliament and so question of considering it in committee does not arise,” he tweeted in response to Brittas charge that the “ruling party has no hesitation to trample on rules and regulations”.
The panel report said the DPDP will lead to amendments in certain provisions of the Information Technology Act, including Section 43A (which is on compensation for failure to protect data), Section 81 (talks about the Act having effect notwithstanding anything inconsistent contained in any other law), and Section 87 (power of central government to make rules).
“Even power of disclosure under Right to Information Act, which exempts from disclosure of personal information but empowers PIO/ Appellate Authority to disclose despite exemption will have to be removed,” stated the panel report.
Global practices
The government, informed the Committee, has made “all-out effort” in formulating the Bill by taking into account best global practices observed in the personal data protection laws of Singapore, Australia, the European Union, and the prospective federal legislation of the US, the report informed.
Following best global practices, the Committee noted, the Bill does not make any provision for any criminal liability. Only civil liabilities have been envisaged though criminal liability under certain sections of Indian Penal Code like 405 may also be invoked in the case of data theft, observed the panel findings.
“The Committee are of the view that the criminal liability available under IPC may also be informed to the public at large which would have a deterrent effect and fire-fighting at a later stage would be avoided,” it pointed out.
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.