A Parliamentary panel deliberating on the Personal Data Protection Bill has recommended limiting the exemptions available to the government under the current version by placing reasonable restrictions on how the exemption can be availed, people aware of the development said.
The draft Personal Data Protection Bill, 2019 was referred to a Joint Parliamentary Committee (JPC) in 2019 which was tasked to come up with a report on its recommendations on the various provisions in the bill.
Entrackr has learnt that the committee has completed a draft report and a copy of the same has been circulated among its members for final review, after which it will be presented in the Winter session of Parliament.
In its preliminary report, which runs to well over a hundred pages, the JPC has recommended that the government be exempted only under a “just, fair, reasonable and proportionate procedure”, a person with direct knowledge of the report’s contents told Entrackr, on condition of anonymity, since the report is currently confidential.
On top of that, the committee recommended that exemption should only be exercised in very “exceptional” cases. We were told that these recommendations are made in the draft report and could very well change when the final version comes out.
Currently, the contentious clause 35 of the draft data protection bill allows the government and its agencies to gain blanket exemptions from complying with any and all provisions of the bill, with no checks and balances in place. Agencies like the Aadhaar authority UIDAI and the Income Tax Department have already sought to be exempted from the bill.
Entrackr was the first to report earlier this month that the committee was considering restricting the leeway available to the government under the current draft of the bill.
After examining court judgements and legislation from other countries, the committee found that government exemptions have precedent since citizens’ fundamental rights are subject to reasonable restrictions, the person quoted above said.
The JPC also relied on the GDPR, the US’ Cloud Act and India’s 2017 right to privacy judgement, all of which allow the state certain exemptions to safeguard national interests, but only with checks and balances in place.
In the GDPR for instance, government bodies are exempted when they’re acting towards the prevention, investigation, detection, or prosecution of criminal offenses for public safety.
Civil society activities and privacy practitioners have in the past sounded caution on handing the government in India such overarching powers, due to a history of overreach in the past. In that context, the committee’s recommendation gains even greater significance, since it could possibly limit the government machinery from abusing the law.
In fact, that was a major concern that several members in the committee shared — about the potential misuse of this particular clause in instances where the privacy of citizens would have to be subsumed for the protection of state interests, the source quoted above said.
More clarity on the distinction between personal and non-personal data
While the current draft empowers the government to come up with a separate policy on non-personal data in the future, the JPC felt that the bill does not give enough clarity on the types of data that would be outside of the ambit of a personal data protection bill, the source said.
The JPC, in its report, has recommended that the government keep non-personal data “including anonymous data” outside the purview of the personal data protection bill.
Entrackr has also learnt that in December last year, during the JPC’s consultations with the IT Ministry, it was told by representatives from the ministry that any directions made towards framing a policy for non-personal data may be exempted from being placed before Parliament — currently, clause 95 of the data protection bill requires the government to place in Parliament every rule and regulation made under the data protection legislation.