Explained: The Joint Parliamentary Committee’s suggestion on Data Protection Bill
New Delhi, Nov 23: The Data protection law report was finalised by the Joint Parliamentary Committee. The JPC has suggested stricter compliance requirements for companies and added clauses that provide for lighter obligations on government agencies.
The JPC also said that the state would have a larger say in the legal mechanism that will be set up to safeguard personal and non-personal data. Officials tell OneIndia that the panel suggested new provisions which will build in additional compliances.
Companies will need to report a data breach within 72 hours and also disclose information relating to a person or entity that owns the data. Companies have also been mandated to appoint a senior management personnel as a data protection officer who will ultimately be held responsible for lapses or violations.
Further the rule about mandatory disclosure of third party sharing needs to the data principal need not be made in case it is for state functions or to comply with the state order.
In the event of a leak government departments will also be allowed to carry out an in-house inquiry to fix the responsibility. The JPC was set up in 2019to take up the data protection bill after Members of Parliament were divided over several provisions of the law which was meant to give legal shape to the Right to Privacy following a Supreme Court ruling making it a fundamental right.
The report would be tabled for discussion in Parliament later this month, following which the bill would be re-introduced. The JPC also called for a mechanism in which the social media companies can be treated as publishers in certain circumstances.
A mechanism may be devised under which social media platforms will be held responsible for the content from unverified accounts. This would mean social media companies such as Facebook or Twitter as a publisher will make it liable under laws relating to illegal speech such as those punishing hate and libel. This would mean that they could be prosecuted for the third party content, which they are so far protected under the IT Act.
The JPC has however heard out the stakeholders on certain points. This would include the removal of a blanket provision treating social media companies as publishers and also implementing the legislation in a phased manner over a period of two years.
The recommendations suggest that the government will decide the penalty for those failing to comply with the provisions. The government will also take a call on whether sensitive personal data can be shared with a foreign government or agency.