The Joint Parliamentary Committee on Personal Data Protection (PDP) Bill of 2019 is likely to meet this month to formally adopt a resolution to widen the ambit of the Bill to include non-personal data as well, sources in know of the development said.
The next meeting, likely to happen on October 20 under the Chairmanship of P P Chaudhary, will deliberate upon this proposal, sources said, adding that other changes to the proposed Bill such as amendments to Section 91 (2), which so far says that the provisions of the PDP Bill would not apply to anonymised data.
Following the changes, the new Bill is likely to be called just the Data Protection Bill of 2021 instead of Personal Data Protection Bill, a source in the know of the development told The Indian Express.
“The idea to include non-personal data is to have a bigger umbrella, which will act as sort of an architecture if any amendments are to be made in the future. The inclusion of provisions for non-personal data will mostly be done on the basis of the recommendations of the Ministry committee,” an official said. Mails to the Parliamentary panel seeking details of the proposed changes remained unanswered.
The Ministry of Electronics and Information Technology (MeitY) has in September 2019 constituted a panel, chaired by Infosys co-founder Kris Gopalakrishnan, to deliberate upon and discuss various aspects of non-personal data. In its report submitted in July 2020, the panel had suggested a data-sharing regulation to shift data’s “economic benefits for citizens and communities in India” as well as help the government in policy making and service delivery.
The Personal Data Protection Bill, first proposed by the government in 2018, has been pending for nearly 3 years now. It has seen several changes to the original draft drawn by retired Supreme Court judge Justice B N Srikrishna.
However, in certain categories such as data related to national security or strategic interests such as locations of government laboratories or research facilities, even if provided in anonymised form can be dangerous. Similarly, even if the data is about the health of a community or a group of communities, though it may be in anonymised form, it can still be dangerous, the panel had said.
“Possibilities of such harm are obviously much higher if the original personal data is of a sensitive nature. Therefore, the non-personal data arising from such sensitive personal data may be considered as sensitive non-personal data,” the panel had suggested.
The JPC may call industry experts on non-personal data for submissions and explain the aspects before taking a final call, one official said. “There are some concerns that there is no standard definition for non-personal data, or that who will be in charge of non-personal data and whether there will be a separate regulator. All these issues will be discussed in upcoming sittings,” the official said.
The Personal Data Protection Bill, first proposed by the government in 2018, has been pending for close to three years now. It has seen several changes to the original draft drawn by retired Supreme Court judge Justice B N Srikrishna, who also said that the revised Bill was “a blank cheque to the state”. The latest version of the bill, in complete contrast to earlier 2018 draft, says that a committee for selection of Data Protection Authority, will include the Cabinet Secretary, the Law Secretary and the IT Secretary.