22.1 C
New Delhi
Friday, November 22, 2024
HomeTechJCP recommendations on PDP Bill will negatively impact India’s tech ambitions: IAMAI

JCP recommendations on PDP Bill will negatively impact India’s tech ambitions: IAMAI


Mumbai: The Joint Committee of the Parliament’s (JCP) report on the Personal Data Protection Bill, 2019 is out of sync with India’s ambitions for the current decade in the field of technology, industry body Internet and Mobile Association of India (IAMAI) said on Thursday in a statement. The JCP report was submitted to Parliament in December, and its recommendations include stringent data localisation norms, expanded scope to non-personal data, new frameworks for software and hardware testing among others.


The JCP recommendations have fundamentally altered the structure of the bill from that of a personal data protection bill to a generic data protection bill, the association said. “This calls for wider stakeholder consultations and impact assessment reports before these recommendations are hardcoded into law,” said the association on Thursday.

IAMAI is of the view that the recommendations are likely to negatively impact a cross section of tech industry segments such as large tech companies, tech services companies as well as digital start-ups who form the backbone of India’s tech leadership aspirations.

In a recent interview to another publication, Ashwini Vaishnaw, union minister for electronics and IT acknowledged that there were a few tricky issues with the legislation and it needed to be debated extensively before finalising the Bill.

“We need to resolve some six-seven issues which are tricky and they need resolution. The (Parliamentary panel)committee has made suggestions,” he said.

IAMAI also said that the JCP’s recommended stringent data localization requirements will lead to higher business failure rates, create barriers on the growth of start-ups, increase costs of compliance for companies and slow down socioeconomic benefits reaped from the digital economy. “It will also inevitably have a drastic negative impact on the ability of Indian consumers to access a truly global internet,” said IAMAI.

Discover the stories of your interest



The additional requirement, suggested by the JCP, tasking the Data Protection Authority (DPA) to consult the Government of India (GOI) on all cross border sensitive personal data transfers not only contradicts established global practices and undermines the role of the DPA, but also subjects data flows to a cumbersome and inefficient process, it said.

Additionally, the suggested retrospectively applicable requirement to bring back data taken abroad poses significant operational and technical challenges, especially since relevant businesses would be subject to policies which were not enforced at the time of data collection.

It added that while JCP expands the scope of the bill to include non-personal data, it fails to account for the different value propositions offered by the two. “This recommendation is also premature as the Expert Committee report on non-personal data is yet to be finalized.”

The JCP also recommends that the DPA should create a framework to monitor, test, and certify hardware and software for computing devices. “IAMAI urges the government to refrain from developing new standards as there is a time-tested regime, which devices sold in India are subjected to. Moreover, such a requirement will hamper India’s ability to attract global businesses and investments,” it said.

It further added that the existing rules and regulations are sufficient to address the hardware and software certifications requirements, which should not be implemented under the PDP Bill.

IAMAI also stated that the Government should reconsider the recommendation to treat intermediaries as publishers under certain circumstances. Social media intermediaries continue to have safe harbour provisions and are not regulated as publishers, based on their “ability” to control content, given that this ability stems from a legal obligation. Such a provision may have drastic impacts on the use of social platforms, free speech and creativity. It also poses a risk to the digital ecosystem, particularly considering that it is not associated with data protection.

IAMAI also raised concerns about the proposed imposition of age restrictions of 18 years on certain services. “Such a bar will exclude an important demographic from the digital ecosystem and will contradict most data regimes, which create enabling provisions for the youth aged between 13 and 18 years. The government should bring in a graded and proportionate risk-based approach for children’s age of consent, depending on the kind and nature of services provided,” it said.

The rigid approach of setting 18 years as the blanket age of consent will be against the principle of ‘the best interest of the child’ in a digital world, as it will create barriers for a child to attain educational and recreational fulfillment available on the internet.

The association urged The Government to review the ‘transparency’ requirement suggested by the JCP. “It is very broad and may encroach upon the data fiduciaries’ intellectual property rights. It may be harmful to data fiduciaries if they are mandated to publicly disclose their algorithms and other proprietary information, without adequate safeguards.”



Source link

- Advertisment -

YOU MAY ALSO LIKE..

Our Archieves