December 16, 2021
“The Joint Committee on the Personal Data Protection Bill (PDPB) tabled its report in both houses of Parliament earlier today. The changes it has recommended to the PDPB include, inter alia, enhancing scope of the bill to include non-personal data, establishing certification process for digital devices, pronouncing a comprehensive policy on data localisation, bringing back mirror copies already in possession of foreign entities, and protecting interests of start-ups.
“Such increased focus on fostering a local digital industrial ecosystem, while may have some merit, should not come at the cost of reduced attention to protecting rights of individuals. Moreover, such strategy may have unintended adverse consequences, succumb to limited state capacity, and result in rent seeking behaviour,” said Pradeep S Mehta, Secretary General, CUTS International.
The process followed for public consultation by the committee though of good intent has proven inadequate and needs to be rethought on grounds of inclusivity and equal access to allow maximum consumer participation and awareness.
These unintended consequences could be in the form of disproportionate regulatory burden on smaller social media intermediaries. The committee appears to paint all social media platforms with the same brush, which could adversely impact innovation and growth in the domestic ecosystem.
Moreover, the committee has not sufficiently acknowledged the operational challenges citizens may face in exercising their rights. The committee has envisaged creation of a single window system to deal with complaints, penalties and compensation. Single window system is typically used to enhance ease of doing business by enabling entities to apply for all approvals at one place.
Mehta pointed out that in case of grievances, citizens must have as many mechanisms as possible to seek redress. A single window system should not result in one portal for citizens to file complaints. Limited awareness and capacity constraints could result in exclusion and distress.
The committee has missed a golden opportunity to break new ground with respect to grievance management by not promoting partnership between the regulator and consumer organisations.
Mehta welcomed the proposed reforms in composition of selection committee of members and the Data Protection Authority. However, he pointed out that the committee proposes to make the regulator increasingly reliant on advice and directions of the government, which may compromise its independent functioning. Better ways of ensuring accountability, such as parliamentary oversight, could have been designed.
In addition, the committee should have prescribed better regulation making process, including notice and comment period, cost-benefit analysis, and transparent stakeholder consultations. These best practices are hallmark of maturing regulatory ecosystem. After all, good processes lead to good outcomes.
With respect to putting government at different pedestal, Mehta quipped that the presumption that state and its agencies will always act in the interest of citizens, without reasonable scrutiny and accountability measures, has not stood the test of time. Not only does this raise suspicions relation to intent, but also creates an uneven playing field between public and private sector.
Going forward, while finalising the bill, the government must involve consumer organisations and other civil societies groups to incorporate consumer interests towards a holistic, inclusive and informed law making process.
For further details, contact:
Vijay Singh, at email@example.com
Amol Kulkarni, at firstname.lastname@example.org