The Personal Data Protection Bill 2019 presented in the Parliament on 11th December 2019 is yet to be passed. It is presently with the Joint Parliamentary committee but seems to have not progressed much due to the Covid19 situation.
There is one section of stake holders who are happy with the delay and there is another section of stake holders who are unhappy.
The Government has been following a very cautious approach in finalizing the legislation and is listening to all vested interest groups and allowing the deferrment under one pretext or the other. The PDPB 2018 had already gone through a public consultation and the PDPB 2019 is again going through another public consultation.
It is ironic that the industry which embraced GDPR without a murmur suddenly has started raising objections to the Indian law as if India has no right to pass a law that could affect the freedom of the business entities to loot the personal data of Indians.
Several centuries ago the conquerors of the Arab world and the sea pirates from the west have plundered the Indian wealth to the extent possible and now the new business managers from the west are trying to exploit the data wealth in the country. Hence they are raising objections after objections to the passing of the Act.
This tendency is verymuch evident in the note submitted by the Asian Security Industry & Financial markets Association (ASIFMA) and Securities Industry & Financial Markets Association, a copy of which is available here.
Despite the long note submitted, it appears that these organizations donot want to see India passing this legislation and even if passed, it has to be completely in favour of the business organizations to help them continue the exploitation of personal data of Indian Citizens. The NASSCOM has already submitted its comments which is also more in the same mould in favour of the MNCs.
After perusing the unreasonable submission made by AFISMA, Naavi.org has considered it necessary to make a point by point comment on the suggestions, which is enclosed here.
We hope the Joint Parliamentary committee will take into account the comments made herein.
Naavi
Dear Naavi sir,
I totally agree with you that hectic lobbying is on to delay and dilute the proposed Indian privacy laws tabled in the parliament in the form of PDP Act 2019. I have gone through the comments of ASIFMA and SIFMA and your point wise responses, so as to preserve the privacy of sensitive personal data of the principal are suitably protected. There is need of representing strongly on these issues by FDPPI, so that Joint Parliamentary committee is not carried away by the pressure tactics of the Industrial associations. Whenever conflict arose between the fundamental rights of our citizens as against the rights of the business entities, both Indian and foreign, we have failed to express and act with commitment and integrity towards preserving the fundamental rights and interest of our society. This is the main reason for historical exploitation of our residents by other nations, which has remained unabated even after the Independence. We have always failed to preserve the wealth of our country for the benefit of our people. We continue to be ruled by external forces, who are the huge beneficiaries.
In this regard, an extract from the recommendations of in respect of section 2A viz., ‘A revised version of the bill should take into account that personal data received from non-Indian residents is already subject to privacy regulations of their home jurisdiction. The revised PDPB should consider and recognize personal data protected under foreign privacy laws/regulations and avoid duplicative overlay’ is clear indicator of the attitude exhibited by these industrial entities towards diluting the sovereign powers of this Nation, so that the enforcement measures are dented. It is matter to be noted that other countries, which have sui generis laws of privacy, do not have such watery provisions. When these industries are adhering to other country’s privacy laws which are more stringent as compared to present law tabled, the purpose of alleging duplication of stipulation of this mandatory provision is only a lame excuse to weaken our laws, so as to benefit the foreign company. However under section 37, Government has powers to notify exemption from the application of this Act, wherein the processing of personal data of data principals not within the territory of India is undertaken. Seeking this relief in the applicability part of the statue is clearly aimed at remaining outside the purview, application and compliance requirements of Indian law.
Similar approach has been adopted by these associations to dilute the definition of “Sensitive Personal Data” [ Sn 3(36)]by suggesting for exclusion financial data. When the companies are adhering to similar provision in other jurisdictions, recommending for dilution in the name of protection available in other laws is not in the interest of the Indian citizen. The financial data are to be covered under sensitive personal data so that the fundamental rights of our people guaranteed in the constitution are protected, without any room for exploitation of the personal data for pecuniary gains without valid consent.
Similar hidden agendas could be identified on the comments offered by these industrial associations. Your observations are in the proper direction, which we can further strengthen through further discussions whenever possible. The protection of privacy of the people should be the main concern and not the business interest of the entities, I firmly believe.
M G Kodandaram