Parliamentary panel retains controversial exemption clause in Personal Data Protection Bill

In dissent note, six of the 30 members press for ‘judicial or parliamentary oversight’ for granting exemptions

A secure nation alone provides the atmosphere which ensures personal liberty and privacy of an individual, the Joint Parliamentary Committee on Personal Data Protection (PDP) Bill 2019, has argued in its report defending the controversial exemption clause that allows the Government to keep any of its agencies outside the purview of the law. The committee has retained the Clause with minor change.

The report on the PDP Bill was adopted on Monday at the committee meeting in Delhi. The committee has been deliberating on the report since 2019.

Clause 35 in the name of “public order”, ‘sovereignty’, “friendly relations with foreign states” and “security of the state” allows any agency under the Union Government exemption from all or any provisions of the law. Six of the 30 members of the committee have filed dissent notes against the exemption clause. Sources said two more members will be filing a dissent note in the next few days.

This was one of the widely debated clauses in the panel meetings, where the members had argued that “public order” should be removed as a ground for exemption. They had also pressed for “judicial or parliamentary oversight” for granting such exemptions. The members had also suggested that “there should be an order in writing with reasons for exempting a certain agency from the ambit of the Bill”. Some of them had asked that only partial exemption should be given to the agency if needed.

No easy choice

The final report that The Hindu has accessed did not accept any of these suggestions arguing that there is a need to balance the concerns regarding national security, liberty and privacy of an individual. Conceding that there can be no easy choice between these concerns, the report said, “A secure nation alone provides the atmosphere which ensures personal liberty and privacy of an individual whereas multiple examples exist where without individual liberty and privacy, national security itself gives rise to autocratic regimes.”

The report notes that this clause is for “certain legitimate purposes” and also said there is precedent in the form of the reasonable restrictions imposed upon the liberty of an individual, as guaranteed under Article 19 of the Constitution and the Puttaswamy judgment. At the same time, the committee expressed concerns with possible misuse. The Committee, therefore, feel that though the State has rightly been empowered to exempt itself from the application of this Act, this power may, however, be used only under exceptional circumstances and subject to conditions as laid out in the Act,” the report said.

In one of the longest dissent notes, Congress leader Manish Tiwari holistically rejected the Bill in its present form in entirety for its design flaw. He has raised specific objections to 37 clauses. This includes an objection to the Government exemption clause of 35. He said the Bill creates two parallel universes — one for the private sector where it would apply with full rigour and one for the Government where it is riddled with exemption, carve outs and escape clauses.

“A Bill that seeks therefore to provide blanket exemptions either in perpetuity or even for a limited period to the ‘state’ and its instrumentalities, in my estimation is ultra vires of the Fundamental Right to privacy as laid down by the 9-judge bench of the Supreme Court of India in Puttaswamy (2017) judgement,” he said.

No adequate safeguards: TMC

In a joint dissent note, TMC leaders Derek O’Brien and Mahua Moitra said the Bill does not provide adequate safeguards to protect the right to privacy and gives an overboard exemption to the Government. Clause 35 is open to misuse since it gives unqualified powers to the Government.

Watch | All about the Personal Data Protection Bill

 

Congress Lok Sabha MP Gaurav Gogoi said the Bill pays little attention to “harms arising from surveillance and effort to establish a modern surveillance framework”. He too has expressed reservation on Clause 35. He has argued for parliamentary oversight for all the exemptions provided under the Bill.

Among its key recommendations, the Committee has pitched for stricter regulations for social media platforms. It has recommended that all social media platforms, which do not act as intermediaries, should be treated as publishers and be held accountable for the content they host, and should be held responsible for the content from unverified accounts on their platforms.

It has said no social media platform should be allowed to operate unless the parent company handling the technology sets up an office in India and that a statutory media regulatory authority, on the lines of the Press Council of India, may be set up for the regulation of the contents on all such platforms irrespective of the platform where their content is published, whether online, print or otherwise.

Policy on data localisation

Some of the other recommendations of the committee include development of an alternative indigenous financial system for cross-border payments on the lines of Ripple (U.S.) and INSTEX (E.U.) and that the Central Government, in consultation with all the sectoral regulators, must prepare and pronounce an extensive policy on data localisation.

Further, pointing that the threat of data leak through hardware is a serious concern, the committee noted that the Bill has no provision to keep a check on collection of data by hardware manufacturers. It has recommended that the Government should make efforts to establish a mechanism for the formal certification process for all digital and IoT devices that will ensure the integrity of all such devices with respect to data security.

Source: Read Full Article