By panel recommends greater accountability of social media platforms, regulation of non-personal data | India News
New Delhi: A parliamentary panel on Thursday recommended stricter standards to regulate social media platforms by holding them accountable for the content they host, while saying it is imperative to store and restrict data in India access by categorizing them as sensitive and critical personal data.
He recommended broadening the scope of proposed data protection legislation to include both personal and non-personal data with “a single administrative and regulatory body”, and called for greater accountability for data protection. social media platforms by treating them as “publishers”.
The report, however, does not recommend any major dilution of the litigation exemption clause, which gives the government the power to keep one of its agencies outside the scope of data protection law.
Privacy advocates opposed the provision, and some opposition MPs also raised concerns in their dissent notes.
The 30-member joint committee on the Personal Data Protection Bill, 2019, led by BJP MP PP Chaudhary, tabled its report in both chambers on Thursday.
Key takeaways from the report include expanding the scope of the bill to also cover non-personal data, stricter regulations for social media platforms as well as the creation of a media regulatory authority on the model. of the Press Council of India.
The committee in its report observed that since India has become a large consumer market, there is a large collection, processing and storage of data that occurs on a daily basis.
“… the committee felt that it was imperative to store data in India and restrict access to it by categorizing it as sensitive and critical personal data, thus giving impetus to the localization of the data,” said The report.
The committee’s report made it clear that “India can no longer let its data be governed by another country.”
The panel also favored a framework to regulate hardware manufacturers who also collect data with software. He called for a certification mechanism for all digital devices and the Internet of Things (IoT).
“The committee, given the immediate need to regulate social media intermediaries, expressed the belief that these designated intermediaries can work as content editors in many situations, given that they have the flexibility to select the recipient of the content. and also exercise control over access to any such content hosted by them, ”the report said.
The panel recommended that all social media platforms, which do not act as intermediaries, be treated as “publishers” and be held accountable for the content they host.
“Further, the committee recommended that a statutory media regulatory authority, modeled on the Press Council of India, could be established to regulate the content of all such media platforms, regardless of the platform on which their content is published, whether online, print or otherwise, ”he said.
A mechanism should be devised where social media platforms, which do not act as intermediaries, will be held accountable for the content of unverified accounts on their platforms.
“Once the verification request is submitted with the necessary documents, social media intermediaries must verify the account,” the report said.
His proposed changes to the bill include classifying social media platforms as important data trustees.
The committee suggested that no social media platform should be allowed to operate in India unless the parent company establishes a local office.
It also sought to include non-personal data in its scope, claiming that restricting the new legislation to only the protection of personal data or calling it the personal data protection bill is “harmful to privacy” .
As a result, he suggested that the title of the bill be changed to the Data Protection Bill, 2021.
“The committee therefore recommends that, since the DPA (Data Protection Authority) will process both personal and non-personal data, any other policy / legal framework on non-personal data can be part of the same text instead of ‘other legislation,’ he said.
The suggestions made by the panel are not binding. The committee favored 24 months for the implementation of the provisions of the legislation so that trustees and data processors have sufficient time to make the necessary changes to their policies, infrastructures and processes.
The committee, in its report, said that although there are provisions (in the bill) for the cross-border transfer of data, “certain concrete steps need to be taken by the central government to ensure that a mirror copy of the sensitive and critical personal data which is already in the possession of foreign entities must be brought to India within a specified period ”.
A 72-hour deadline for reporting a personal data breach was suggested by the latter. The panel also favored flexible penalty provisions for “data trustees” (those who determine the purpose and means of processing personal data).
Accordingly, he recommended rewording the specific clause to include the term “as may be prescribed, without exceeding” before the penalties that have been prescribed for breach of standards by the data trustee.
The panel noted that at present there is no unified agency that regulates the various forms of media, especially news media, in the country.
“In the committee’s view, existing media regulators such as the Press Council of India are not adequately equipped to regulate the journalism industry which seeks to use modern communication methods such as media platforms social or the Internet in general, ”he said.
In this regard, the committee considered that it was necessary to set up a statutory media regulator in order to achieve these objectives.