Our Team

STA's Team of Lawyers in Abu Dhabi, Bahrain, Doha, UAE, Luxembourg, Moscow, RAK, Sharjah, and Singapore. Find a Lawyer. ..

Read more information

Joint Parliamentary Committee Recommendations on The Indian Personal Data Protection Bill

Joint Parliamentary Committee Recommendations on

The Indian Personal Data Protection Bill

The Joint Parliamentary Committee (JPC) published its recommendations on the Personal Data Protection Bill, 2019 (hereinafter referred to as the PDP), in December 2021. The Committee believed that the Bill frustrated the fundamental objective of the right to privacy, which was one of the reasons for the conception of the PDP Bill. As per the recommendations, the Committee provided that the law on data protection should be inclusive of non-personal data and anonymized data as well, as any violation of the non-personal data of the data principal shall also amount to the breach of privacy enshrined under Article 21 of the Constitution. As a result, the Committee recommended that the Bill be renamed the Data Protection Bill, 2021 (DP).

The Committee further recommended including the definitions of non-personal data as well as a data breach. We know that the right to privacy also includes the right to be forgotten, and the PDP Bill contained such provisions pertaining to the same. But, the Committee stated that such an action might not always be possible due to certain legal obligations; as a result, the provision was altered to consider the cases wherein such erasure of data would not be possible along with the interests of the government. The Committee also recommended that in case of a data breach, the notice by the data fiduciary should be made to the DPA within 72 hours of being aware of the breach. Further, another recommendation was the requirement of fresh consent of a child within three months of the child becoming a major.

Further, any fiduciary that deals with children's data needs to be registered with the DPA and has to be added as a significant data fiduciary. The Committee also deleted the concept of a Guardian Data Fiduciary. Additionally, the Committee also observed the importance of localization of data from the point of view of national security and the privacy of the individuals. It recommended that the government ensure that the mirror copy of the critical and sensitive personal data of the individual already in possession with the foreign entity should be brought to India within a specified time. The Committee observed that the correct term for the 'social media intermediary'  should be 'social media platforms as they help people communicate online.

The 2019 Bill provided for exemption of the application of the provisions of the PDP Bill to the Government agencies. Still, the Committee recommended that the procedure followed by these agencies, after exemption, should be just, fair, and reasonable. There were also recommendations pertaining to the data of the deceased, liability on violation of the provisions, data transfer and portability, complaints, compensations, and penalties. These recommendations have led to the creation of a new Bill, namely the Data Protection Bill, 2021, that removes the shortfalls of the 2019 Bill, thereby upholding the spirit and objective and the principle of the Right to Privacy.

Related Articles