Topics In Demand
Notification
New

No notification found.

Blog
Update: NASSCOM-DSCI Consultation Series on the Personal Data Protection Bill, 2019

February 26, 2020

2664

0

Over December 2019 and January 2020, NASSCOM and DSCI conducted a series of Consultation Sessions across Delhi NCR, Mumbai and Bangalore on the Personal Data Protection Bill, 2019.

Based on the inputs received from members, both during the Consultation Sessions, as well as through written submissions provided by members, the following issues arise as key concerns:

  • Categorisation of Sensitive Personal Data and its consequential impact
  • Restrictive grounds for Processing Personal Data and Sensitive Personal Data
  • Restrictions and conditions for Cross-Border Transfer of Sensitive Personal Data and Critical Personal Data
  • Lack of appropriate framework to build trust for processing of global data in India: Power to Exempt certain Data Processors from data processing obligations
  • Provisions Dealing with Non-Personal Data
  • Strengthening of framework for an effective and accountable Data Protection Authority (DPA)
  • Lack of appropriate grading of Criminal Offences

Moreover, there appear to be several interpretative ambiguities under the current draft of the PDP Bill 2019 – either on account of the framing of the provisions, or on account of the lack of sufficient detailing in the PDP Bill 2019. In particular, the interpretative issues exist with regard to:

  • Provisions relating to the designation of Significant Data Fiduciaries, in particular, relating to the DPA’s exercise of the discretion in designating a significant data fiduciary, provisions relating to the appointment of Data Protection Officer by significant data fiduciaries, and modalities of the requirement for Data Audits;
  • The definition of “Personal Data” under the PDP Bill 2019, in particular the inclusion of “inferences derived” within the scope of the definition;
  • Timelines for implementation and the geographical scope of application of the provisions of the PDP Bill 2019;
  • Mechanism and scope of the certification and publication process of Privacy by Design policies;
  • Technical requirements for the exercise of a data principal’s right to correction, and the corresponding compliance requirements for data fiduciaries;
  • The lack of a definition for “financial institutions” under the Bill;
  • The Central Governments power to prohibit the processing of certain categories of biometric data; and
  • Definition of ‘harm’ under the PDP Bill 2019, and potential exceptions to the same.

NASSCOM and DSCI believe, that these concerns, if addressed, can help operationalise an effective framework for individual privacy in India, while projecting India as a trusted, efficient and competitive player in global digital value chains.

 


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


images
Indrajeet Sircar
Consultant, Public Policy and Outreach

© Copyright nasscom. All Rights Reserved.