Personal Data Protection Bill: A glance at the concepts of the bill on digital privacy

Updated: December 14, 2019 10:47 AM

It includes several novel concepts not present in the draft circulated by the Committee of Experts.

Personal Data Protection Bill, digital privacy, Personal Data, Critical Personal Data, Significant Data Fiduciaries, Data PrincipalThe Bill proposes a regulatory sandbox to promote the development of new technologies such as artificial intelligence and machine learning. (Reuters photo)

By Arun Prabhu

The Personal Data Protection Bill, 2019 (the “Bill”), is largely based on the draft of the Personal Data Protection Bill, 2018 submitted by the Committee of Experts constituted under the Chairmanship of Justice Srikrishna (Retired.). The Bill continues to mandate that Personal Data be processed fairly and reasonably while ensuring the privacy of the Data Principal, for purposes that are consented to by the Data Principal, or purposes incidental or connected thereto.

It includes several novel concepts not present in the draft circulated by the Committee of Experts. For instance, it defines a category of Social Media Intermediaries and excludes search engines, storage and email providers, E-Commerce platforms, ISPs, etc.

Social Media Intermediaries having more than a specified number of users and whose actions are likely to impact certain factors like democracy, the security of the state, sovereignty, etc., will be notified by the Central Government as Significant Data Fiduciaries. All such entities are required to enable users who register for their services from India to voluntarily verify their accounts, and thereafter mark verified accounts with a specified mark which will be visible to all users.

The Bill proposes a regulatory sandbox to promote the development of new technologies such as artificial intelligence and machine learning. Entities which successfully apply for inclusion in the sandbox will enjoy certain time-bound exemptions from purpose, storage and consent requirements.

The Bill also proposes limiting the data localization requirement only to Critical Personal Data, while permitting sensitive personal data (as opposed to all personal data) to be transferred and processed outside India.

While the above changes would arguably help enable certain types of businesses, other changes, such as the removal of a specific implementation timeline, transition provisions and the requirement to share anonymized and non-personal data with Central Government under certain circumstances may prove to be a source of concern.

(The author is Partner with Cyril Amarchand Mangaldas, and also with Technology, Media and Telecommunications (TMT) group. Also a member of the Government of India’s working group on the legal enablement of information and communication technology systems. Views expressed are personal.)

Get live Stock Prices from BSE, NSE, US Market and latest NAV, portfolio of Mutual Funds, Check out latest IPO News, Best Performing IPOs, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Financial Express is now on Telegram. Click here to join our channel and stay updated with the latest Biz news and updates.

Next Stories
1Covid-19: Cases of ‘Kappa’ variant of coronavirus found in Gujarat
2Longer gap in Pfizer-BioNTech Covid vaccines boosts antibody levels: Study
3Cumulative Covid vaccine doses administered in India exceed 43 crore: Health ministry