Some of them include coverage of non-personal data, treatment of certain social networks as publishers, and extended data localization mandates. He added that there are still some key steps before the suggestions in the report become legally binding.
Industry representatives raised concerns about some of the recommendations from the Parliamentary Committee on Data Protection Act, including those related to the inclusion of non-personal data and expanded data localization mandates, that they said would harm people’s rights and affect businesses.
A parliamentary committee on Thursday recommended stricter standards to regulate social media platforms by holding them accountable for the content they host, while stressing that it is necessary to store data in India and restrict access to it by classifying it as sensitive and critical personal data.
It also recommended that the proposed data protection legislation be expanded to include both personal and non-personal data with “one administration and one regulator”.
The Internet and Mobile Association of India (IAMAI) said its members are currently evaluating the report and “at first glance, it appears that the draft that was introduced in 2019 after as much consultation as possible has fundamentally changed, including the title of the bill from personal.” Data Protection Bill into Data Protection Act”.
It added that “some other deviations such as recommendations that social media brokers can become publishers in certain circumstances and that some aspects of the data localization standards significantly alter the original structure of the bill.”
IAMAI notes that the inclusion of non-personal data in the Personal Data Protection Act is inconsistent with the recommendations of the expert committee appointed by MEITY to develop a framework for the management of non-personal data.
“Requiring the DPA to consult with the central government before issuing any approvals or decisions regarding cross-border data flows would create an incredibly slow and cumbersome process for decisions and reduce the independence and efficiency of a specialized body such as the DPA (Data Protection Authority),” he said.
Mozilla Corporation’s public policy advisor Udbhav Tiwari said the JPC’s latest report raises many concerns that it “harms people’s rights and will be detrimental to the open Internet”.
Some of them include coverage of non-personal data, treatment of certain social networks as publishers, and extended data localization mandates. He added that there are still some key steps before the suggestions in the report become legally binding.
The BSA-The Software Alliance also stated that many of the report’s recommendations remain worrisome.
“We are particularly concerned about the recommendation to expand the bill to regulate non-personal data (NPD). The goal of the Personal Data Protection Bill, which protects the privacy of individuals, often runs counter to the goal of the proposed NPD Governance Framework, which is to generate more value from data.”
The BSA notes that keeping these two efforts separate, and establishing clear and distinct rules to protect personal and non-personal data, is the best way to ensure that neither goal is diluted.
“We are also concerned about mandatory data localization requirements and undue restrictions on cross-border data transfers, which are stringent obligations that will not only weaken privacy protections but also impede interoperability with emerging international standards and practices affecting economic opportunities in India,” she added. .
Removing provisions for NPD, avoiding mandatory localization of data, and promoting cross-border data transfers in the final bill will support the bill’s goals of protecting personal data and enhancing privacy protections, Venkatesh Krishnamurthy, Director of Software Consortium of India (BSA) said.
“On the contrary, a failure to do so would be detrimental to India’s digital revolution which must be built on strong privacy foundations,” he said, adding that these concerns must be addressed to better protect the privacy of its citizens, and increase economic opportunities and jobs around the world. sectors, accelerating the development of India as an innovation hub for emerging technologies.
IAMAI also raised concerns about 18-year age restrictions on certain services that would exclude an important demographic from the digital ecosystem and “would conflict with most data systems that create enabling provisions for 13-18 years”.
In addition, the inclusion of “psychological manipulation that impairs an individual’s autonomy (without sufficient understanding of what this would entail) under the meaning of “harm” creates enormous scope for inaccurate interpretations of the law,” the report states.
IAMAI highlighted that the recommendations may lead to an increased compliance burden on startups, and suggested establishing an expert team to study the impact of these recommendations on startups. Besides, the bill will infringe on the intellectual property rights of companies as part of new requirements regarding data portability and transparency of algorithms.
She said that these goals could be achieved without compromising trade secrets.
“IAMAI is confident that the government will continue the spirit of transparency and consultation in which the previous bill was drawn up and urges further deliberation on the report,” she added.
Financial Express is now available on Telegram. Click here to join our channel And stay up-to-date with the latest Biz news and updates.