Clipped from: https://www.thehindubusinessline.com/news/data-protection-bill-simplified-but-diluted-say-experts/article66154011.ece
`Bill itself is a significant degradation of the previous versionsтАЩ
The draft Digital Personal Data Protection Bill 2022, issued on Friday, appears to be a simplified version of the PDP Bill 2019, but is significantly diluted in many parts, and gives the government the ultimate power of decision-making, said experts.
тАЬIn the journey from 2017 to 2022, instead of a strong personal data protection law being implemented, we have on the table a weak- and ill-crafted draft that lacks focus. India had a minimalist data protection law under Section 43A IT Act, but with some support from a more robust Sensitive Personal Data Rules. All of the data principles built into the rules stand diluted in this draft,тАЭ NS Nappinai, Supreme Court Advocate and Founder, Cyber Saathi, told businessline.
Despite the meandering ways and delays, one has to hope that this would not be a draft that will see its way into Parliament, she said.
тАЬThe exemptions read with deemed consent provisions in effect take away any protection that Indians have even as on date, and substantially gives the government a free pass,тАЭ she added.
Rupinder Malik, Partner, JSA (leading national law firm in India), said the 2022 DPDP Bill has simplified the proposed data protection regime and done away with some contentious clauses, which caused industry push back in earlier versions.
тАЬParticularly, data mirroring, data localisation requirements, and overall compliances appear to be limited compared to the previous Bill. The legislative intent appears to be tech and IT business friendly, focussed on facilitating cross-border data flows,тАЭ she said.
Another expert pointed out that while the government maintained that it wanted to draft the Bill in simple language so that people could understand it and also keep it short, it had to make sure that the Bill was comprehensive enough to protect the interests of citizens, which is not the case right now.
тАЬThe Bill itself is a significant degradation of the previous versions that we had. The last Bill which was put out had 90 clauses, which has now been brought down to 30 odd clauses now. There are basic principles that a data protection law should have, which are missing in this Bill,тАЭ said Amber Sinha, Senior Fellow at Mozilla Foundation and earlier with the Centre for Internet and Society.
Mishi Choudhary, Senior Technology Lawyer, also said that the Bill doesnтАЩt meet the expectations of people protection, but ensures that government retains is power as it makes laws about individuals and businesses.
тАЬThe brevity and examples provided are a welcome change but cleverly leaves all details to be legislated by the Executive through Rules. Rules that we have seen as in the IT Act are exploited to pass broad provisions making the Executive all powerful,тАЭ she said.
The proposed Bill comes in place of the Data Protection Bill, which was withdrawn by the government in August this year. The draft released on Friday also proposes to set up a Data Protection Board of India (instead of Authority), which will carry on functions as per the provisions of the bill.
тАЬAn important change relates to the substitution of earlier suggested Data Protection Authority of India with Data Protection Board of India. The functions, and most importantly composition of the Board are to be determined by the government through delegated legislation. This may face constitutional challenge as it is arguably a case of excessive delegation,тАЭ Abhishek Tripathi, Managing Partner, Sarthak Advocates & Solicitors, said.
Comments
aniltikotekar4sme.com 