New Delhi: A new and modern legal framework will start taking shape in the country around technology and internet, and the data protection bill is the first step towards that, Minister of State for Electronics and IT Rajeev Chandrasekhar said Thursday.
Chandrasekhar further said digitalisation of the government and public services is going to be “rapid” and soon-to-be-unveiled Digital India 2.0 will seek to accelerate on the gains made over the past seven years.
The government is committed to ensuring that internet and technology remain open, safe, secure and accountable, as 1.2 billion Indians come online in next few years, the minister added.
“A new modern legal framework will start taking shape around technology and internet in the country, the first step of that is the data protection bill that you will see shortly in the next few months. That again, poses an interesting change in overall operating environment,” Chandrasekhar said addressing the valedictory session of Aadhaar 2.0 workshop.
Earlier this week, a parliamentary panel adopted the report on data protection Bill amid dissent by several opposition MPs. The report is slated to be tabled in Parliament in the ensuing Winter Session, scheduled to start from November 29.
After nearly two years of deliberations, the Joint Committee of Parliament on Personal Data Protection Bill, 2019 on Monday adopted the report on the Bill, which provided the government with powers to give exemptions to its probe agencies from the provisions of the Act, a move that has met with resistance from opposition MPs who have filed their dissent notes.
The Bill, seeking to provide for the protection of personal data of individuals and establish a Data Protection Authority (DPA) for the same, was brought in Parliament in 2019 and was referred to the joint committee for further scrutiny on the demand of opposition members.
As per the Bill, the central government can exempt its agencies from the provisions of the Act for protecting national interests and for protecting the security of the state, public order, sovereignty and integrity of India – a provision that has triggered concern in certain quarters around privacy.
Meanwhile, the committee is believed to have recommended that all social media platforms, which do not act as intermediaries, should be treated as publishers and be held accountable for the content they host.
The panel is also learnt to have recommended that no social media platform should be allowed to operate in India unless the parent company handling the technology, sets up an office in the country.
The panel has taken a view that a statutory media regulatory authority, on the lines of Press Council of India, may be set up for the regulation of the contents on all such media platforms irrespective of the platform where their content is published, be it online, print or otherwise.
The committee, considering the immediate need to regulate social media intermediaries, took a position that these designated intermediaries may be working as “publishers” of the content in many situations, given that they have the ability to select the receiver of the content and also exercise control over the access to any such content hosted by them.
Hence, a mechanism must be devised for their regulation, the high-level committee said in its report.
The panel is also understood to have recommended that a timeframe of about 24 months be provided for implementation of the provisions of the Act so that the data fiduciaries and data processors have requisite time to make the necessary changes to their policies, infrastructure, and processes.
The committee has also recommended that since DPA will handle both personal and non-personal data, any further policy / legal framework on non-personal data should be made a part of the same enactment instead of any separate legislation.
Further, the committee is of the view that global spread of manufacturing has made it essential to regulate hardware manufacturers who are now collecting data alongwith the software.
The committee suggested that a new sub-clause be inserted to enable DPA for framing the norms to regulate hardware manufacturers and related entities.
The committee has said the government should make efforts to establish a mechanism for the formal certification process for all digital and Internet of Things (IoT) devices that will ensure the integrity of all such devices with respect to data security.
PTI