– that count India as their largest market in terms of the number of users.
ET has reviewed a copy of the report that is due to be tabled in Parliament during the upcoming winter session.
Social media platforms will not be allowed to operate in the country if their parent companies do not have an office in India, the JCP stated.
“Considering the immediate need to regulate social media intermediaries( the committee) has a strong view that these designated intermediaries may be working as publishers of the content in many situations, owing to the fact that they have the ability to select the receiver of the content and also exercise control over the access to any such content hosted by them,” the report said.
“Therefore, a mechanism must be devised for their regulation. The Committee, therefore, recommends that all social media platforms, which do not act as intermediaries, should be treated as publishers and be held accountable for the content they host,” the JCP noted.
Two-year timeframe
Pointing out that social media platforms have been designated as intermediaries under the IT Act , the authors of the JCP report noted that the existing laws have not been able to keep pace with the changing nature of the social media ecosystem and regulate it adequately.
The report, which was finally adopted by the members after two years of deliberations, is expected to be tabled during the upcoming Winter Session of the Parliament starting from next week.
A period of 24 months will be provided for implementation of the Act “so that the data fiduciaries and data processors have enough time to make the necessary changes to their policies, infrastructure, processes etc.,” the report said.
The Committee has also adopted the provisions of the draft Bill on the key issue of data localisation.
“India may no more leave its data to be governed by any other country” and “national security is of paramount importance,” the report stated. It sought some concrete steps by the Central Government to ensure that “a mirror copy of the sensitive and critical personal data which is already in possession of the foreign entities be mandatorily brought to India in a time bound manner.”
It has also called for the government to ensure that data localisation provisions are followed in letter and spirit by all local and foreign entities and “India must move towards data localisation gradually.”
Oversight on personal and non-personal data
The Committee has also taken a view that the Bill should contain provisions to regulate both personal data and non-personal data. Considering that the legislation has to cover the protection of all kinds of data, it has recommended that it be named as The Data Protection Bill, 2021 and The Data Protection Act, 2021.
The inclusion of the non-personal data in the legislation which was meant to be a “privacy Bill” has not gone down well with the industry which has been requesting the government to keep the two legislations separate.
Experts are of the view that JCP’s recommendations notably on the regulation of social media, insistence on data localisation as well as the inclusion of non-personal data in the same Bill, will receive huge pushback from the global technology firms.
Prasanto K Roy, a public policy expert said that the committee’s recommendation on regulating social media is a no-win proposition.
“Without safe harbour, the social media platforms are open to hundreds of frivolous, sometimes dangerous, lawsuits. So, they can’t operate without safe harbour protection as intermediaries, or accept “accountability for content” as they would need to shut down,” he said
The requirement to have a physical office in India in order to operate will “cause smaller or less resourced platforms to shut down, we need to see the exceptions for this,” according to Roy who said that “ if ( the rules) also apply to Wikipedia, ( it) cannot operate in India and millions of students and researchers will lose their primary search and knowledge resource.”
Dissenting voices
ET reported on Tuesday that the committee headed by BJP MP PP Chaudhary adopted the draft report in its final meeting. However, several parliamentarians from the Congress, All India Trinamool Congress (AITC) and other parties have submitted dissent notes.
The dissenting notes pertain primarily to sections 35 and 12 of the draft legislation, which provide government and its agencies exemptions from the provisions of the Act by granting higher preference to their activities on public and national interest grounds, while treating individual privacy as secondary.
Kazim Rizvi, founding director of the Dialogue said that non-personal data is a nuanced and intricate subject matter and varies largely from personal data. “ The inclusion of provisions to regulate and facilitate a mandatory sharing of non-personal data with the Government must ideally be removed from the purview of this Bill,” he said.
“ Merely storing data within our border does not provide us with absolute control over the data or even access,” he added.
The committee on the other hand has maintained that “India, being a sovereign and democratic nation, is duty bound to safeguard the privacy of its citizens.” It has recommended that the Central Government, in consultation with all the sectoral regulators, must frame a larger policy on data localization.