The Joint Parliamentary Committee (JPC) on the Personal Data Protection (PDP) Bill is considering various amendments to the draft bill, including provisions that could impact the intermediary liability of social media companies operating in India, according to a report by Hindustan Times on September 18.
Intermediary liability refers to the legal responsibility of a platform, like a social media network, in relation to content posted on them by third parties — Section 79 of the Information Technology Act, 2000 provides conditional safety to intermediaries from this liability.
The amendments, if included in the bill, would override section 79 of the IT Act – the report quoted an unnamed government official as saying – and have an impact on the standing of the IT Rules, 2021. Section 79 of the IT Act lays down relief from liability on the condition that intermediaries do not “initiate the transmission, select the receiver of the transmission, and select or modify the information contained in the transmission.” The IT Rules lay down how governments can interact with such intermediaries on content moderation, takedown requests, public grievances, and more.
What changes are being considered?
The Hindustan Times reported that the following amendments are being proposed to the Personal Data Protection Bill:
Significant data fiduciaries:
Significant data fiduciaries are data fiduciaries or persons, companies, or governments which process data, that are subject to greater scrutiny, assessments, and regulation under the Act.
- The proposed amendment provides a definition of social media platform
- It defines a threshold of users or ‘impact’ to determine which social media companies constitute ‘significant data fiduciaries’ or a class of intermediaries who will fall under this provision.
- The proposal for significant impact covers social media firms that could influence the sovereignty and integrity of India, electoral democracy, security of the state, or public order.
On safe harbour provision:
- The JPC is reportedly considering proposals on removing safe harbour provisions for social media networks if they are “selecting, modifying, editing, blocking, muting, amplifying content or removing users from its platform.” These could be in accordance with their own policies, the law, or government orders, the HT report said.
- This would be considered under Section 28 of the draft bill, which deals with the maintenance of records by entities classified as Significant Data Fiduciaries, including social media networks.
- A proposal is also being considered to continue the IT Act clause for social media companies to not “initiate transmission” (of content) if they want to retain their intermediary status.
On acts against government policy: Social media companies will have to ensure that they do not indulge or associate in any act which is against the public or state policy.
Change in the name: The JPC is reportedly considering changing the name of the draft PDP Bill to the ‘Data Protection Bill’ as it will also look into the regulation of non-personal data.
Concerns raised on proposed amendments
NS Nappinai, a Supreme Court lawyer and founder of Cyber Saathi, told the Hindustan Times that the amendment could “amount to government authorities shooting themselves in the foot.”
“The additions proposed will effectively negate all the benefits that accrue to victims and also government’s rights which form part of the IT Act and Rules framed therein,” Nappinai said.
She also asked the Joint Parliamentary Committee, which is currently studying the bill, to ensure harmony between the IT Rules provisions and the new amendments, such that they are not rendered ineffective due to ambiguity.
In brief, what is the Personal Data Protection Bill?
Since the Puttaswamy judgement by the Supreme Court of India in 2017, the government has been under an obligation to pass legislation to protect Indians’ personal data. When it was introduced in 2019, the PDP bill was referred to a Joint Parliamentary Committee for review under the chairmanship of MP Meenakashi Lekhi, after which the committee was multiple extensions to submit their report.
The PDP bill aims to govern how Indian citizens’ data can be used and processed and lays down provisions like setting up a data protection regulator, data localisation requirements, exemptions for government authorities, and so on. Recently, the committee was given another extension until the winter session to submit its report.
Rejig of the Joint Parliamentary Committee
In July, during a reshuffle of the Union Council of Ministers, former JPC chairperson Meenakashi Lekhi was inducted into the Council of Ministers along with 4 other members, leaving 7 seats vacant on the committee. Two vacancies had already been there owing to a member retiring and another member resigning from the committee.
In August, BJP Lok Sabha MP PP Chaudhary was made the chairperson of the JPC; news reports revealed that the committee would be revisiting the bill under the new chairperson.
- JPC given extension till winter session for presenting report on Personal Data Protection (PDP) Bill, new Chair appointed
- 3 Lok Sabha MPs appointed to Joint Parliamentary Committee on PDP Bill
- A Complete Guide to the Personal Data Protection Bill, 2019
Have something to add? Post your comment and gift someone a MediaNama subscription.