- GS 3: Basics of cyber security
- Recently, the Joint Parliamentary Committee (JPC) adopted the draft report on the Personal Data Protection (PDP) Bill 2019, after almost two years of deliberations.
- JPC has retained the controversial exemption clause that allows the Government to keep any of its agencies outside the purview of the law with minor changes.
- The Bill was drafted after the Justice K.S. Puttaswamy vs Union of India case on privacy where Supreme Court ruled that ‘Right to Privacy’ is a fundamental right.
- The draft Bill falls short of the standards set by the Justice Srikrishna Committee to build a legal framework based on the landmark judgment.
- The key divergences from the Justice Srikrishna Committee’s draft Bill are in the selection of the chairperson and members of the Data Protection Authority (DPA) which shall protect the interests of data principals and the leeway provided to the Union government to exempt its agencies from the application of the Act.
- While the 2018 draft Bill allowed for judicial oversight, the 2019 Bill relies entirely on members of the executive government in the selection process for the DPA.
- The 2019 Bill adds “public order” as a reason to exempt an agency of the Government from the Act, besides only providing for those reasons to be recorded in writing.
- The 2018 Bill that allowed for exemptions to be granted to state institutions from acquiring informed consent from data principals or to process data in the case of matters relating only to the “security of the state” and also called for a law to provide for “parliamentary oversight and judicial approval of non-consensual access to personal data”.
- The Bill should include those exemptions granted in writing should at least be tabled in both Houses of Parliament.
- The ground “public order” should be removed as it provides too much scope of missuse.
- It is now the task of Parliament to tighten the provisions further and bring them in conformance with the 2018 Bill.