Parliamentary panel recommends greater accountability of social media platforms
New Delhi: A parliamentary panel on Thursday recommended tougher standards to regulate social media platforms holding them accountable for the content they host, while saying it is imperative to store data in India and restrict access categorizing it as sensitive and critical personal data.
He recommended broadening the scope of proposed data protection legislation to include both personal and non-personal data with “one administration and one regulator”, and called for greater accountability for social media platforms by treating them as “publishers”.
The report, however, did not recommend any major watering down of the contentious opt-out clause, which gives the government the power to keep any of its agencies out of the scope of data protection law.
Privacy advocates objected to the said provision, and some opposition MPs also raised concerns in their dissenting notes.
The 30-member joint committee on the Personal Data Protection Bill, 2019, led by BJP MP PP Chaudhary, tabled its report in both houses on Thursday.
Key findings of the report include expanding the scope of the bill to also cover non-personal data, stricter regulation for social media platforms as well as the creation of a statutory media regulator on the model of the Press Council of India.
The committee in its report observed that since India has become a large consumer market, there is a large collection, processing and storage of data happening on a daily basis.
“…the committee felt that it is imperative to store the data in India and restrict access to it by categorizing it as sensitive and critical personal data, thus giving impetus to data localization,” says The report.
The committee’s report states that “India can no longer let its data be governed by another country.”
The panel also favored a framework to regulate hardware makers that also collect data with software. He advocated a certification mechanism for all digital devices and the Internet of Things (IoT).
“The committee, in view of the immediate need to regulate social media intermediaries, expressed its belief that these appointed intermediaries can work as content publishers in many situations, due to the fact that they have the possibility to select the recipient of the content and also exercise control over access to any content hosted by them,” the report states.
The panel recommended that all social media platforms, which do not act as intermediaries, be treated as “publishers” and held accountable for the content they host.
“Furthermore, the committee recommended that a statutory media regulatory authority, modeled after the Press Council of India, could be established for the regulation of content across all such media platforms irrespective of the platform. where their content is published, whether online, in print or otherwise,” he said.
A mechanism should be devised whereby social media platforms, which do not act as intermediaries, will be held accountable for the content of unverified accounts on their platforms.
“Once the verification request is submitted along with the necessary documents, social media intermediaries are obligated to verify the account,” the report said.
The changes he proposed to the bill include classifying social media platforms as significant data trustees.
The committee suggested that no social media platform should be allowed to operate in India unless the parent company sets up a local office.
It has also sought to bring non-personal data into its scope, saying restricting the new legislation to just protecting personal data or naming it a personal data protection bill is “detrimental to privacy”. .
Accordingly, he suggested that the title of the bill be changed to Data Protection Bill, 2021.
“The committee therefore recommends that, since the DPA (Data Protection Authority) will process both personal and non-personal data, any other policy / legal framework on non-personal data can be part of the same text instead of being separate. legislation,” he said.
The suggestions made by the panel are not binding. The committee favored a 24-month deadline for the implementation of the provisions of the legislation so that data trustees and data processors have sufficient time to make the necessary changes to their policies, infrastructure and processes.
The committee, in its report, said that although there are provisions (in the bill) for the cross-border transfer of data, “certain concrete steps need to be taken by the central government to ensure that a mirror copy of sensitive and critical personal data which are already in the possession of the foreign entities are compulsorily brought to India within a specified period of time”.