Leading technology firms and internet companies could approach the court to challenge certain provisions in the data protection bill if lawmakers agree and implement all the suggestions of the Joint Committee of Parliament (JCP) in the final legislation, The Economic Times reported, citing sources.
The Joint Committee on the Personal Data Protection Bill adopted a draft report on November 22 with seven of its 31 members moving dissent notes against various clauses.
According to the report, the biggest point of contention is the proposal to classify social media platforms as publishers as it places the onus for user generated content on internet companies and will impact a host of global majors including Facebook, Google’s YouTube, Twitter and WhatsApp, all of whom stand to lose the safe harbor or immunity currently provided by Information Technology Act, 2000.
Kumar Deep, country manager, India, ITI Information Technology Industry Council, said any new concept of privacy introduced as an amendment should be based on a consensus approach and is therefore important that all stakeholders, including key industry bodies, are engaged before a robust data protection legislation is put in place by the government.
TI Information Technology Industry Council counts companies such as Intel, Amazon, and Apple as its members.
Other clauses such as the inclusion of non-personal data in the privacy law as well as provisions for certifying hardware devices and the demand that sensitive personal data and critical personal data be stored locally, are also stoking concern.
Some days back, people privy to the development had said the panel has suggested new provisions that will build in additional compliances: companies will need to report a data breach within 72 hours, mandatorily disclose if information relating to a data principal (person or entity that owns the data) is passed on to someone else, and appoint senior management personnel as data protection officers who will ultimately be held responsible for lapses or violations, reported Hindustan Times.
At the same time, the rule about mandatory disclosure of third party sharing need to the data principal need not be made in case it is for State functions (such as for offering benefits, or maintaining law and order) or to comply with a court order. Government departments will also be allowed to carry out an in-house inquiry to fix responsibility in the event of a leak, it added.
Meanwhile, many privacy experts said the clause that classifies social media platforms as publishers are worrying for companies like Facebook and Google as it may directly impact their business model.
Civil society could also go to court over sweeping exemptions granted to government and law enforcement agencies in the recommendations made by the committee, according to public policy expert Prasanto K Roy.
The JPC was set up in 2019 to take up the personal data protection bill after parliamentarians were divided over several provisions of the law meant to give a legal shape to the Right to Privacy after it was made a fundamental right by the Supreme Court in 2017.
