Digital Personal Data Protection Bill skirts key issues

The older Bill mandated monitoring, testing and certification of hardware devices by the Data Protection Authority

R. Suryamurthy New Delhi Published 21.11.22, 01:34 AM

Representational file image

The draft Digital Personal Data Protection Bill, 2022 did not consider several critical issues such as the regulation of hardware and devices and localisation of data with retrospective effect, which have been opposed by the global tech giants.

Abhishek Malhotra (managing partner, TMT Law Practice) said: “The draft Bill has watered down the objective of a data privacy and protection framework. It appears to give a simpler framework for people to be able to adopt seamlessly.”

“Unfortunately, however, the scope and applicability provisions have also been curtailed and limited to where the collection is online or digitised and where Indians are targeted for profiling. This is a departure from where the focus was on the entities, their activities and their presence,” Malhotra said.

The hardware regulation was dropped as its scope was too large and prone to misuse, allegation and counter-allegations and legal disputes, sources said. The new draft replaces the Personal Data Protection Bill, 2019, which was withdrawn by the government.

The older Bill mandated monitoring, testing and certification of hardware devices by the Data Protection Authority (DPA). This would have required DPA to be armed with specific technical expertise.

Besides, it would have created an additional layer of compliance that had potential to delay commercial access of hardware in the Indian market and create unreasonable responsibility on data fiduciaries for security of data on a consumer’s device.

“The draft Bill has simplified the proposed data protection regime and done away with some contentious clauses which caused industry pushback in earlier versions. Particularly, data mirroring, data localisation requirements and overall compliances appear to be limited compared to the previous Bill,” Rupinder Malik, partner, JSA said.

Prashant Phillips, partner, Lakshmikumaran and Sridharan Attorneys, said: “The Bill continues to retain significant penalties for non-compliance. Compliance with consent must remain a high priority for all companies processing personal data. This is especially when distinctions such as sensitive and critical personal data have not been included in the Bill.

“The new Bill also differs from the 2019 Bill on certain points such as categorisation of personal data further into sensitive personal data and critical personal data, which has been done away with now. That being said, as widely anticipated, the bill provides for stringent financial penalties for up to Rs 500 crores for certain non-compliances,” Sumantra Bose, principal associate at Khaitan & Co said.

Digital Personal Data Protection Bill skirts key issues

The older Bill mandated monitoring, testing and certification of hardware devices by the Data Protection Authority

RELATED TOPICS

Samajwadi Party, Congress work only to benefit their families, vote banks: PM in UP's Etawah

PM Modi wants to take away reservation, says Rahul Gandhi at Telangana rally

Lok Sabha polls: Priyanka Gandhi to drive Congress campaign in Rae Bareli, Amethi

Sandeshkhali 'mistruth' spread by BJP using money, PM should stop shedding crocodile tears

'Blue corner notice issued against Prajwal Revanna, says Karnataka Home Minister

Bengal Guv asks Raj Bhavan employees to ignore any summons by police on woman's complaint

IAF convoy attack: Several people detained, search on for terrorists in J&K's Poonch

Netanyahu’s Cabinet votes to shut down Qatar-owned Al Jazeera offices in Israel

Thousands believe Covid vaccines harmed them. Is anyone listening?

Cop crushed to death by tractor-trolley used for illegal sand mining in MP; 2 arrested

Discrepancies in probe into Rohith Vemula's death, will ensure justice: Congress

No need to capture PoK by force; its people will themselves want to join India: Rajnath