wordpress blog stats
Connect with us

Hi, what are you looking for?

Exemptions to govt agencies must be curtailed: ORF on Data Protection Bill


This summary has been made based on the submission uploaded on the ORF website. The author and/or MediaNama have only produced a summary of this document and are not liable for the veracity of the said document.

Exemptions in national interest must not extend to all provisions of the Personal Data Protection Bill, 2019, and must be granted by law rather than through executive orders, Observer Research Foundation (ORF) said in its submission to the Joint Parliamentary Committee. As per the submission, Section 42 of the 2018 Bill is a good point of reference as it made necessity and proportionality necessary conditions for exempted processing, thereby conforming to the 4-step test laid down in the Puttaswamy judgement. ORF also recommended that exempted government agencies must still be obliged to carry out “fair and reasonable processing”.

Inclusion of non-personal data in the Bill (under Section 91) has also been called “premature” in the submission as MEITY has constituted a committee of experts to come up with a “data governance framework” to focus on non-personal data. Without more provisions within this Bill and legislations in other fields, Section 91 “is unlikely to serve the stated objective of supporting public service functions”.

Check sweeping exemptions for government agencies

  • Prevent information overload by employing employ judicial, executive and technological safeguards to prevent information overload. For instance, ORF cites research on US’ National Security Agency’s surveillance of phone metadata programme that reveals the programme’s “little discernible impact on preventing terrorism” and “disproportionate” drain on the agency’s resources. ORF also said that storing too much sensitive personal data makes agencies vulnerable to cyber attacks.
  • Include independent oversight mechanisms within Section 35 itself instead of relying on executive orders for “better accountability and national security outcomes”. Investigations and oversight committee could be set up within the DPA itself. Public audits and mandatory submission of annual reports to Parliament are also necessary for oversight.
  • Incorporate procedural safeguards within the Bill, or allow DPA to notify the procedure for granting exemptions.
  • Narrowly define terms such as “sovereignty”, “integrity”, “state security”, “international relations” and “public order”, or the Bill would fail the standards laid down in the Puttaswamy judgement. ORF cited Baijayant Panda’s Private Member’s Bill introduced in 2017 that listed 5 grounds under which right to privacy could be curtailed, and Manish Tiwari’s Intelligence Services (Powers and Regulations) Bill, 2011, that listed 8 conditions to ascertain threats to national security as examples.
  • Empower DPA: Powers to prevent misuse of personal data, and to specify codes of good data protection practices should rest with the DPA, not the central government.

Non-Personal Data needs more clarity

  • Define grounds for access to non-personal data along with legislative standards because most businesses store mixed data sets, that is, they contain both perosnal and non-personal data, that are accorded differential protection depending on how they were collected. The industry, civil society and government must harmonise definitions of non-personal data to ease up data sharing mechanisms without undermining privacy rights.
  • DPA must prescribe standards for anonymisation and penalties for breach, on the basis of type of data and level of risk, before state is given access to non-personal data.
  • Include safeguards against secondary use of non-personal data or the law would not meet global adequacy standards which could result in limited cross-border data transfers to India, as per ORF.
  • Conduct social impact assessment or ethics audit of data and check for biases before using it for public policy reasons.
  • Establish regimes for data sharing between multiple stakeholders that consider impact on competition, intellectual property rights and cyber security. Under the Intellectual Property Rights regime, formalising ownership structures to assert control over data will be crucial. ORF cited EU’s 4 alternative models for sharing data between private sector and the government: “standardising data sharing contracts; data donorship models, similar to Corporate Social Responsibility (CSR) obligations; new intermediary institutions, such as data trusts; and regulatory models for public interest reasons in the fields of healthcare, finance, among others”.

Read all the other submissions made to the Joint Parliamentary Committee on the Personal Data Protection Bill, 2019, here.

Disclosure: Nikhil Pahwa, Founder and Editor of MediaNama, was a part of the round table discussion hosted by ORF on the basis of which it made its submission.

Advertisement. Scroll to continue reading.
Written By

Send me tips at aditi@medianama.com. Email for Signal/WhatsApp.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Do we have an enabling system for the National Data Governance Framework Policy (NDGFP) aiming to create an repository of non-personal data?


A viewpoint on why the regulation of cryptocurrencies and crypto exchnages under 2019's E-Commerce Rules puts it in a 'grey area'


India's IT Rules mandate a GAC to address user 'grievances' , but is re-instatement of content removed by a platform a power it should...


There is a need for reconceptualizing personal, non-personal data and the concept of privacy itself for regulators to effectively protect data


Existing consumer protection regulations are not sufficient to cover the extent of protection that a crypto-investor would require.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ