What’s the news: India’s new privacy protection Bill may substitute the concept of a centralised Data Protection Authority (DPA) with a grievance redressal mechanism, reported the Hindustan Times (HT) on August 19, 2022.
The DPA was proposed by the Joint Parliamentary Committee (JPC) as a government-established, singular authority that would look into personal and non-personal data breaches, compliance of significant data fiduciaries to provisions of the now-junked Bill, etc. While there have been some concerns about the DPA like its multiple functions, sources speaking to HT said the government may entirely do away with the DPA and work its functions into the new Bill itself.
Stating that the scrapping is not set in stone, the source said “the idea is to not overwhelm one authority and increase compliance costs for small companies.” Aggrieved individuals will take their data misuse complaints to a grievance redressal mechanism rather than the DPA.
FREE READ of the day by MediaNama: Click here to sign-up for our free-read of the day newsletter delivered daily before 9 AM in your inbox.
Why it matters: Earlier contentions with the data protection Bill included demand for a more independent DPA. However, removing the DPA completely and replacing it with a grievance redressal mechanism powers raises concerns about of government influence in citizen’s data protection complaints. In the absence of an independent data protection authority, a government-supported redressal mechanism can hinder people’s privacy and data protection rights.
IFF condemns the idea: The government source on its part told the newspaper that a DPA would have “increased compliance costs, especially for MSMEs and SMEs” and that “light touch rules” will not disrupt India’s economic growth.
However, Apar Gupta, trustee at the Internet Freedom Foundation, told HT that such reports confirm people’s fears that “the government is not interested in an independent and effective regulatory body to enforce data protection in India. A grievance redressal mechanism will not have any comparable powers and from past experience in the banking and telecom sector, have largely been ineffective. This would leave people without any real remedy.”
A step closer to government surveillance? That is not to say that there were no issues with the DPA earlier. During the PrivacyNama 2021 event, Teki Akuetteh Falconer, former Executive Director of Ghana’s Data Protection Commission, talked about the problems faced by countries trying to set up a DPA.
The DPA is meant to be approached when complaints to a data handling company do not come to a resolution. Considering that the Centre is mulling over similar bodies to regulate content on social media companies, the DPA replacement hints at further government-control over people’s digital rights.
As it is, many experts in the field were surprised by the withdrawal of the data protection Bill earlier in August during the Parliament’s monsoon session. Although the new Bill and its provisions are yet to be finalised, the Centre said the Bill is likely to be tabled by early 2023. Similarly, the Digital India Act and the bill related to online news media is likely to be tabled in the Parliament during winter session this year.
This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.
- Government Withdraws Data Protection Bill 2021, To Present New Bill Soon
- What Makes An Effective Data Protection Authority Tick? #PrivacyNama2021
- Data Protection Bill 2021: How India’s Data Protection Authority Will Be Set Up And Work
- When Should A Complaint Be Escalated To A Data Protection Authority? #PrivacyNama2021