Personal data protection bill: classifying social media platforms as publishers: parliamentary committee
– who count India as their largest market in terms of number of users.
ET reviewed a copy of the report to be tabled in Parliament during the next winter session.
Social media platforms will not be allowed to operate in the country if their parent companies do not have an office in India, the JCP said.
“Considering the immediate need to regulate social media intermediaries (the committee) is convinced that these designated intermediaries can work as content editors in many situations, due to the fact that they have the ability to select the recipient of the content and also exercise control over access to any such content hosted by them, ”the report said.
“Therefore, a mechanism must be devised for their regulation. The Committee therefore recommends that all social media platforms, which do not act as intermediaries, be treated as publishers and be held accountable for the content they host, ”noted the JCP.
ROCKSTARS STARTUP IN 2021
Log in to see our list of the most promising startups of 2021
Pointing out that social media platforms have been designated as intermediaries under IT law, the authors of the JCP report noted that existing laws have not been able to keep up with the changing nature of the social media ecosystem and to regulate it adequately.
The report, which was finally adopted by MPs after two years of deliberation, is expected to be tabled in Parliament’s next winter session starting next week.
A period of 24 months will be provided for the implementation of the law “so that trustees and data processors have sufficient time to make the necessary changes to their policies, infrastructures, processes, etc.” The report says.
The committee also adopted the provisions of the preliminary draft law on the key issue of data localization.
“India can no longer let its data be ruled by another country” and “national security is of paramount importance,” the report said. He called on the central government to take concrete steps to ensure that “a mirror copy of sensitive and critical personal data that is already in the possession of foreign entities is compulsorily brought to India within a specified time.”
He also called on the government to ensure that the provisions on data localization are followed in letter and in spirit by all local and foreign entities and “India must gradually move towards data localization” .
Control of personal and non-personal data
The committee also considered that the bill should contain provisions regulating both personal and non-personal data. Considering that legislation should cover the protection of all kinds of data, she recommended that it be titled The Data Protection Bill, 2021 and The Data Protection Act, 2021.
The inclusion of non-personal data in the legislation that was supposed to be a “privacy bill” has not been welcomed by the industry which has called on the government to keep the two pieces of legislation separate.
Experts are of the opinion that JCP’s recommendations, including on the regulation of social media, the insistence on localization of data as well as the inclusion of non-personal data in the same bill, will receive a huge step back from the law. share of global technology companies.
Prasanto K Roy, a public policy expert, said the committee’s recommendation on social media regulation is a dead end proposition.
“Without a safe haven, social media platforms are open to hundreds of frivolous, sometimes dangerous, lawsuits. Thus, they cannot operate without safe harbor protection as intermediaries, or accept “responsibility for the content” because they should shut down, “he said.
The requirement to have a physical office in India to operate “will cause smaller or less resourced platforms to shut down, we have to see the exceptions for that”, according to Roy who said “if (the rules) also apply to Wikipedia, (it) cannot work in India and millions of students and researchers will lose their main research and knowledge resource.
ET reported on Tuesday that the committee chaired by BJP MP PP Chaudhary adopted the draft report at its last meeting. However, several parliamentarians from Congress, the All India Trinamool Congress (AITC) and other parties have submitted dissent notes.
The dissenting notes mainly relate to Articles 35 and 12 of the Bill, which provide exemptions for the government and its agencies from the provisions of the Act by giving a higher preference to their activities for reasons of public and national interest, while by treating the privacy of individuals as secondary.
Kazim Rizvi, founding director of Dialogue, said non-personal data is a nuanced and complex subject and varies widely from personal data. “The inclusion of provisions to regulate and facilitate mandatory sharing of non-personal data with the government should ideally be removed from the scope of this bill,” he said.
“Simply storing data within our borders does not give us absolute control over the data or even access,” he added.
The committee, on the other hand, argued that “India, being a sovereign and democratic nation, has a duty to protect the privacy of its citizens”. He recommended that the central government, in consultation with all sector regulators, develop a broader policy on data localization.