New Delhi: A parliamentary committee examining the Personal Data Protection Bill has recommended 89 amendments to the proposed legislation, including changing its title and schedule, the panel’s chairperson Meenakshi Lekhi said on Wednesday.
The draft of the bill, approved by the Cabinet in December 2019, proposes to put restrictions on use of personal data without explicit consent of citizens.
Proposing a penalty of up to Rs 15 crore and up to three-year jail term for company executives for violating privacy norms, the bill was introduced in the Lok Sabha in February last year. Later, it was referred to the Joint Committee of Parliament headed by BJP MP Lekhi.
“The process of writing the report on the bill has begun. Eighty-nine amendments have been suggested by the panel, including changing its title and schedule,” Lekhi told PTI.
The bill was drafted following a Supreme Court judgement in August 2017 that declared ‘Right to Privacy’ a fundamental right.
The need for a strong personal data protection regime was further highlighted by the apex court in its judgement in September 2018 in which it held Aadhaar as a constitutionally valid scheme but struck down some provisions in the Aadhaar Act.
According to the provisions of the bill, all Internet companies will have to mandatorily store critical data of individuals within the country. However, they can transfer sensitive data overseas after explicit consent of the data owner to process it only for purposes permissible under the proposed legislation.
Critical data will be defined by the government from time to time. Data related to health, religious or political orientation, biometrics, genetic, sexual orientation, health, financial and others have been identified as sensitive data.
A company’s executive in-charge of conduct of the data business would face a jail term of up to three years if found guilty of knowingly matching anonymous data with publicly available information to find out the identity of an individual, called as ‘re-identify de-identified data’ in technical parlance, under the proposed law.
Social media companies will be required to come up with a mechanism to identify users on their platform who are willing to be identified on a voluntary basis. It will be voluntary for individuals if they want to get verified or not.
The bill had provisions to grant the right to be forgotten to data owners as well as the right to erase, correct and porting of data.
Also read: Budget session likely to begin on 29 January, second phase on 8 March