Topics In Demand
Notification
New

No notification found.

Blog
Update: NASSCOM-DSCI Feedback on the Personal Data Protection Bill, 2019

July 3, 2020

942

0


Listen to this article



As a part of the consultation process undertaken by the Joint Parliamentary Committee (JPC) chaired by Member of Parliament, Smt. Meenakshi Lekhi, NASSCOM, together with the Data Security Council of India (DSCI) submitted their comments on the Personal Data Protection Bill, 2019 (PDP Bill) on 26 February 2020. The NASSCOM-DSCI submission was prepared based on extensive industry consultation carried out between December 2019 and January 2020.

More recently, NASSCOM was invited by the JPC to submit a presentation on its views on the PDP Bill. Accordingly, NASSCOM and DSCI submitted a presentation deck before the JPC on 8 July 2020, highlighting the key points from its February 2020 Submission.

In particular, the presentation highlighted the eight foreseeable challenges in the context of the PDP Bill:

  • Appropriately defining the scope of Sensitive Personal Data
  • Appropriately defining grounds for processing Sensitive Personal Data
  • Considering implications of the above, on issues relating to cross-border processing of Sensitive Personal Data and Critical Personal Data
  • Properly defining the carve-outs for processing of foreign nationals’ data
  • Reconsidering the inclusion of criminal offences in the PDP Bill
  • Reconsidering provisions relating to the sharing of Non-Personal Data under the PDP Bill
  • Providing additional clarity on the scope of application of the PDP Bill and the transition timelines available to the industry for compliance
  • Appropriately defining the functions of the Data Protection Authority (DPA)

As with the February 2020 submissions, NASSCOM-DSCI highlighted that certain types of personal data, such as Official Identifiers and Financial Data, should not be treated as Sensitive Personal Data under the PDP Bill – given especially the wide definitions afforded to these terms under the PDP Bill. Instead, it was advocated that a risk-based approach should be adopted to the classification of Sensitive Personal Data.

Likewise, emphasis was also placed on the need to extend the “reasonable purposes” ground available for the processing of Personal Data, to the processing of Sensitive Personal Data as well – particularly, in the context of processing of Sensitive Personal Data for employment purposes (such as processing of biometric data for maintenance of attendance).

Other issues, such as greater clarity over adequacy mechanisms, and the precise scope and conditions of the exemption to processing of foreign nationals’ data; in addition to making such an exemption explicit in the Bill itself.

A point was also made as to the inclusion of Non-Personal Data within the Scope of the PDP Bill, especially considering that the Ministry of Electronics and Information Technology (MeitY) has already established a Committee on Non-Personal Data, to consider in detail the framework for sharing of non-personal data, together with adequate safeguards for such sharing.

Lastly, the presentation emphasized upon the need for the DPA to be independent, and for it to adopt a co-regulatory approach through hard-coded obligations to consult industry and other regulators. Likewise, the DPA should imbibe regulatory governance, and adopt open and effective consultation processes.

NASSCOM and DSCI have not deposed before the JPC as on date. The contents of our submissions to the JPC are being withheld from publication, till the conclusion of the JPC’s process.

 

 


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


images
Indrajeet Sircar
Consultant, Public Policy and Outreach

© Copyright nasscom. All Rights Reserved.