In our last article (link here- https://worldprivacylaw.com/?p=870) we discussed only 8 points of the Joint Parliamentary Committee on Personal Data Protection Bill. In today’s article we will discuss and cover the outstanding points and some legality with respect to Individual Privacy Vs. National Interest.
9) Central government, in consultation with all the sectoral regulators, is mandated to prepare and pronounce an elaborative policy on data localisation and to that effect adequate infrastructure for the safe storage of data of Indians to be created and which also may generate employment.
9) Restriction on retention of data by data fiduciary beyond the necessary period and must delete the personal data at the end of processing. (Point to be noted that the new legislation says that it will include both kinds of data personal and non-personal but this recommendation is speaking of only personal data).
10) In case of employment, the employees’ data must be used with utmost care and caution and can be processed only with prior consent and when necessary.
11) Guardian Data Fiduciary- the terms need to be defined along with explanations. This is creation of a separate class of guardian data fiduciary on behalf of children.
12) Data Breach is to be reported within 72 hours of becoming aware of such breach, so that immediate measures can be taken to mitigate any harm.
13) Appointment of data protection officer and every significant data fiduciary must appoint an India based data protection officer.
14) Single Window System- this is newly introduced clause (Chapter X) which shall deal with complaints, penalties and compensation.
15) Addition of conditions requisite to transfer critical data subject to explicit consent.
16) Regulation of processing as per the code of ethics issued by Press Council of India (PCI) for the purpose of processing personal data for journalistic purposes.
17) Composition of Selection Committee for appointment of chairperson and members of DPA under which it is provided that the authority must be formed and one person must be appointed who is an expert in the area of law.
18) Flexibility have been opted in penalty provisions for data fiduciaries.
19) Last but not least, heads of the Government Department are not to be made directly responsible for data breach.
So, we have discussed the all recommendation as mentioned by the Joint Committee vide its press release dated 16.01.2021. After that there was a statement made by the Shri. P.P. Chaudhary, Chairperson of the Joint Parliamentary Committee saying that the “national interest is always above the individual’s interest” which is nothing but indicates that the national interest is the highest law and individual privacy would survive at the cost of it although we do concur with the same but what amounts to national interest should be well defined else anything can be treated or termed as national interest and breach of individual’s privacy would become a normal case.
Picture Credit- https://www.termsfeed.com/blog/pdpb