The Personal Data Protection Bill (PDPB) has created quite a buzz since Tuesday after it came to light that the latest version of the bill seeks to allow the use of personal and non-personal data of users in some cases, especially when national security is involved.
Several legal experts have already red-flagged the issue and said the provision will give the government unaccounted access to personal data of users in the country.
The bill, which will be up for debate in Lok Sabha on Wednesday, mentioned a provision that will empower the government to ask companies including Facebook, Google and others for anonymised personal data and also non-personal data.
According to reports, the bill defines personal data as information that can help in the identification of an individual and has characteristics, traits and other features of a person identity.
DATA PROTECTION WITH EXEMPTIONS
While the bill is technically intended to protect the personal data of individuals, it allows room for several exemptions to crackdown on unlawful activities.
The draft bill presented to members of Parliament on Tuesday clearly said that data may be processed without obtaining consent from the concerned user if it is necessary for the public interest.
Non-personal data can also be obtained without consent to help in the delivery of government services and for policy formulation.
Supratim Chakraborty, a partner specialising in data privacy at Khaitan & Co said, said that the proposed measures may trigger panic among big technology companies who value non-personal data of customers as well.
However, a senior Indian government official defended the bill and said such data is also wealth for the society and said data from a company like Uber could help government understand public transport constraints, which will help in developing better transport networks.
The bill, after having got the Union Cabinet approval last week, is likely to be sent to a joint committee for further discussion after it is tabled today. The bill is unlikely to be passed in the current session as it ends on December 13.
While it also broadly categorises data of individuals into three categories -- critical, sensitive and general the government can, at any point, bypass restrictions to give complete access to itself or any agency under it.
In a nutshell, the provision will allow the government to order any social media platform Facebook, Google, WhatsApp, Twitter, Amazon, Flipkart, TikTok, Apple and others to share user-specific data in some special cases.
However, this is in contrast to the draft bill submitted to the central government by the Justice BN Srikrishna Committee. It had no mention of providing any such exemptions or powers to the government and its various wings.
The draft bill prepared by the committee said that processing personal data of users, even if it entails national security, should be authorised by law. However, the current version of the bill does not clearly mention the procedure that the government would have to follow to gain access to someone personal or non-personal data.
COMPANIES WORRIED
The Personal Data Protection Bill also asks large social media platforms like Facebook and Twitter to offer a process for users to prove their identities and display a verification sign publicly, much like the blue ticks on verified Twitter profiles.
The privacy bill is a part of the government efforts to have more control overflow of data and also help it track unlawful activities by using digital footprints of users. However, some companies have already started speaking out against the draft bill.
On Tuesday, internet company Mozilla Corporation said the draft bill, which exempts the government from using personal data of users represented new and significant threats to Indians’ privacy.
If Indians are to be truly protected, it is urgent that the Parliament reviews and addresses these dangerous provisions before they become law, the company said.