We have just discussed the editorial in Times of India today and now we also have an editorial in Economic Times with similar sentiments expressed about the PDPB. In fact this editorial is direct in expressing its intention because it suggests “Don’t Rush Personal Data Protection Bill”…. “Hasten..slowly…”
A few days back we saw similar reports appearing in two different publications namely livemint.com and moneycontrol.com both carrying the same view but under two different bylines, indicating clearly that it was a planted story by a PR firm.
Now two editorials of two different publications of the same group writing on the same day about the need to delay PDPB indicates another PR exercise where the two editors have written what the PR firm wanted them to write. It is disappointing to see Economic Times editorial being so compromised.
While “Hasten…Slowly” phrase indicates that the editorial perhaps has not been written by a person who is of the editor caliber, there are many statements in the editorial which is factually incorrect.
One of the comments made is
“The Personal Data Protection Bill (PDPB), right now under consideration by a Joint Parliamentary Committee (JPC), is big, in its sweep, intent and implications, particularly for future competitiveness of the economy, in terms of data being available to train algorithms that would drive artificial intelligence, even as individual citizens are protected from harm arising from misuse of their data.”
We donot know what the editor wants to say here. Is he saying that PDPB should not cover use of AI or Big data for processing personal data? or Is he confusing the non personal data governance act which is only a recommendation now by the Kris Gopalakrishna Committee ?.. Does he not know that all data protection laws consider “Profiling” as regulated personal data?
Another comment made is…
“The JPC would do well to hasten slowly, and take on board the suggestions of as large a swathe of stakeholders as is possible. Right now, civil society groups, several large companies and even some members of the committee complain that they have not been given a chance to present their views.”
The suggestion is that JPC should give opportunity to more companies to depose before the committee. It must be remembered that the PDPB 2018 version was first placed for public comments in December 2018, then PDPB 2019 was placed for public comments in December 2019, and now we are in December 2020. All this time there were opportunities for companies to express their views and send it to the committee. It was not necessary for these companies to wait for a personal presentation before the committee. If so far they did not have any comment to make, then there is no reason why they should now be expected to have comments to be directly presented to the committee so that 30 parliamentarians of the committee already constrained by the Covid situation should spend more time in hearing to the lobbying of these companies. Industry associations like Nasscom, FICCI etc have made their presentations reflecting the business views and hence the editorial comment does not make sense.
Then comes the expression of ignorance by the Editor in the comment…
“Unlike Europe’s General Data Protection Regulation, India’s PDPB subsumes collection of data under processing of data. While the goal of limiting collection and processing of personal data in proportion to the purpose at hand might, at a glance, not be compromised by a bar on disproportionality in processing, there could well be certain cases, in which it makes sense to separate collection from further processing, so as to limit the scope of unintended permission for processing of data beyond collection.”
This comment indicates that the author is unaware of how GDPR and all other data protection laws define “Processing”. Every law defines “Collection” as “Processing” and it is unbelievable that the editor has not checked the definition of processing in GDPR.
Another comment made is …
“The wording of the regulation should not give scope for babus to penalize companies for no fault of theirs. Giving a detailed notice on data collection and obtaining consent might sound noble, but is likely to be observed more in the breach vis-à-vis illiterate or semi-literate or time-starved rural folk.”
It is necessary for the editor of the premier Financial news paper of the country to understand that in PDPB, no “Babu” is authorized to impose any penalty. All penalties are decided by the “Adjudicator” who is a quasi judicial authority and his decision may be reviewed by an Appellate Tribunal and subsequently by the Supreme Court. Without knowing the provisions of the Act, the publication has made comments.
One more adverse comment made in the editorial is about the minors. It says…
“Financially autonomous youngsters who are not yet 18 need their parents’ permission for their data to be collected, whereas social media accounts merely require reaching the age of 13.”
This is a ridiculous statement which indicates that the editorial appears to be a “Proxy Editorial” written by some body with no proper understanding of the Bill. While the age of minority is a matter of general law, just because social media wants to open out to 13 year old teens, there is no reason that Indian law need to be changed.
Lastly the editorial ends with another foolish statement that “Holding those who collect data responsible for the accuracy and completeness of the data is unreasonable“. Does the editor mean that data accuracy need not be insisted? why should such exemption be given only in Indian law where as more than 130 countries who have adopted such laws insist that data should be accurate?. In fact this is already a requirement under Section 43A of ITA 2000 and not a new provision.
The comment also states as a footnote ” Distinctions between sensitive data and critical data, as well as between being forgotten and data erasure, seem overkill that will wrongside companies“… once again broadcasting the ignorance of the author about data protection legislation.
Finally the editorial links this editorial with the TOI editorial stating ” All this is over and above the untrammelled access of the State to personal data that the law provides for.”
Overall it appears that this editorial as well as the TOI editorial has been written not by the respective editors but by some PR executive because the editors cannot be so naïve and uninformed.
It is shameful that these large publications have started selling out even the editorials to the PR causes of companies.
I am sure that the readers will see through this PR game and the credibility of these publications will be seriously eroded.