JPC report on Personal Data Protection Bill tabled in Parliament after two years’ wait

The 30-member panel Joint Parliamentary Committee (JPC) report on India’s first proposed data protection law has been tabled in both the houses of Parliament today. This much-awaited report on Personal Data Protection Bill, 2019 has been tabled two years after the bill was first introduced in the Lok Sabha.

Kirti Mahapatra, Partner at Shardul Amarchand Mangaldas & Co said, “The Joint Parliamentary Committee tabled its long-awaited report on the Personal Data Protection Bill today in Parliament. The detailed Report is indicative of the significant effort the Committee has put in to conclude and finalize its findings and recommendations, and we look forward to studying the Report in more detail.”

The Personal Data Protection Bill, 2019, seeks to provide for protection of personal data of individuals, and establishes a Data Protection Authority, according to the PRS Legislative Research. As data protection in the financial sector is a matter of genuine concern worldwide, particularly when through the SWIFT network, privacy has been compromised widely. As Indian citizens are engaged in huge cross border payments using the same network, the Committee are of the view that an alternative to SWIFT payment system may be developed in India which will not only ensure privacy, but will also give boost to the domestic economy.

The Committee has also observed that to define and restrict the new legislation only to personal data protection or to name it as Personal Data Protection Bill is detrimental to privacy. So, the Committee argued instead that if privacy is the concern, non-personal data also needs to be dealt with in the Bill. In Committee’s view, all the data has to be dealt with by one Data Protection Authority (DPA).

The Committee has recommended an approximate period of 24 months to be provided for implementation of any and all the provisions of the Act so that the data fiduciaries and data processors have enough time to make the necessary changes to their policies, infrastructure, processes etc.

Gaurav Shukla, Partner, Deloitte India said, “The Committee has recommended a phased approach to implement the provisions of the proposed bill. This gives both data fiduciaries and processors the time to lay out a strategy and execute it. The suggestions of the Committee are expansive as social media platforms are covered, and there are also recommendations to bring in regulations around IoT devices.”

The report also relates to clause-by-clause examination of the Bill and contains 81 recommendations, along with more than 150 drafting corrections and improvements in various clauses of the Bill.