Clipped from: https://www.thehindubusinessline.com/news/lok-sabha-passes-digital-personal-data-protection-bill-2023/article67168542.ece
concerns flagged about duties and penalties imposed on the data principle, the implications for Right to Information
The Lok Sabha on Monday passed the Digital Personal Data Protection (DPDP) Bill in just 53 minutes without any substantive debate. While the government again stressed that the Bill provides enough safeguards for protection of personal data, concerns flagged about duties and penalties imposed on the data principle, the implications for Right to Information, and exemptions given to the government were not debated at any length.
The one issue that received attention in the House was about independence of the regulator envisaged in the Bill, the Data Protection Board. Bhartruhari Mahtab of BJD (Cuttack, Odisha) asked, тАЬThe regulator that you have is not independent. How are you going to build an independent regulator? There is clarity and checks needed on cross-border data transfer restrictions…neither the Bill is very clear about itтАЭ.
Rule making power
тАЬSection 28 of the Bill clearly defines that the Board will be an independent body..Rule making power is not an absolute power. On data localisation (cross border), Section 16 clearly mentions that those sectors which requires sectoral regulations for their sectors, they can make. This Bill is a horizontal arrangement and every sector will have the right to make their sectoral regulations accordingly,тАЭ said Ashwini Vaishnaw, Minister of Communications and IT.
On question about non-judicial body above the Board, the Minister explained that there is Telecommunications Dispute Settlement and Appellate Tribunal (TDSAT) which has a judicial member and above TDSAT there is Supreme Court.
тАЬSo any citizen can take up their grievances up to the Supreme Court,тАЭ he added.
There are other issues and concerns with the Bill.
For instance, Clause 15 (d) of Chapter III states that the data principal (DP) must ensure not to register a false or frivolous grievance or complaint with a Data Fiduciary (DF) or the Data Protection Board of India, and failure to adhere with this may enable a penalty of тВ╣10,000 (Chapter VIII). This is an onerous obligation which may effectively prevent a DP from raising grievances.
Concerns on exemptions
There is a lot of concern also about exemptions given to the government and its authorities. This is especially in the light of the CoWIN portal breach that happened in June 2023.
There are concerns, as in Clause 44 (3) which seeks to amend the entire Section 8 (i) (j) of the Right to Information (RTI) Act, 2005 and replace it with тАЬinformation which relates to personal informationтАЭ which has received heavy criticism from stakeholders.
Comments
aniltikotekar4sme.com 