The Joint Parliamentary Committee has published its report on the Personal Data
The Joint Parliamentary Committee has published its report on the Personal Data Protection (PDP) 2019 Bill in both houses of Parliament. The report is a clause-by-clause examination of the proposed law with more than 80 recommendations and 150 drafting changes to allow Members of Parliament to debate and vote on the country’s first data protection law.
The report recommends changing the scope of the bill to include non-personal data, after noting that it is impossible to clearly demarcate between personal and non-personal data. Several portions of the bill already deal with various kinds of data requiring different levels of security. The subset of non-personal data will also include anonymised personal data.
The Committee has retained the controversial powers of exemption granted to the Central Government under Clause 35. This exception allows the government to exempt any of its agencies from data protection regulations. The Committee attempted to temper the provision through a clause requiring the Central Government or its agency to follow “just, fair, reasonable and proportionate procedure,” taking inspiration from the right to privacy exceptions laid down in Puttaswamy v Union of India (2017).
The committee has recommended a 24-month period after the notification of the Act for the appointment of the chairperson and members of the Data Protection Authority.