PDPB 2019..last minute recommendations

While India is waiting to know if the Personal Data Protection Bill 2019 will be tabled and passed in the next Parliament session, the time for making further changes is running out. While most of the suggestions which have been placed before the JPC may be considered as having been examined, whether they would be accepted or not, new suggestions keep coming up.

These suggestions need to be introduced as amendments when the Bill is actually presented in the Parliament. Any MP whether from the ruling party or others can take up the amendment. However, given the general attitude of the opposition parties, even if individual MPs are good to take up issues of societal good, the party principles prevent them from expressing any opinion in support of any move of the Government. Hence we can only expect some ruling party MPs to suggest the changes as may be necessary.

After submitting my views to the Joint Parliamentary Committee, I have already brought to the attention of the authorities on one other minor change to Section 37 to ensure that Data Fiduciaries established in India and having data processing operations outside the country and related only to the processing of non Indian data subjects are given relief from the overlapping jurisdiction of multiple laws. (Subject to safeguards for preventing misuse which can be provided under the regulations of the DPA.). For this purpose, a small change has been suggested in Section 37  as indicated in the foot note here.

Another Suggestion for Education Sector

I would now like to highlight another amendment that I think would be good to make in the light of the changed circumstances in India arising out of the Covid situation applying to the education sector.

We all know that for the last two years, the Indian educational system has been disrupted and schools have been closed. Most part of the affected students have been minors. However in the process, alternate virtual schools emerged right from Pre-School kids to pre-graduation levels. These virtual education organizations some of which are extensions of the existing educational organizations provided continuity to the education system. These systems will continue even after the physical schools open up.

I recall that about a decade back, I had discussed a concept of “Cyber Vidya” and a  proposal for a pilot project had also been given to the Karnataka Government to conduct all classes upto Standard X through a centralized virtual school. Detailed plan for the development of content, delivery of content and evaluation of students were presented. At that time the network availability was not as good as today and there were no operators like the Baijus etc.

As could be expected, the proposal was shelved. But the relevance of that decade old proposal is now evident in the Covid situation.

In this context, I feel that one of the sections of the proposed PDPB 2019 could hinder the progress of Virtual Education in India.

I refer to Section 16(5) which states as follows

The guardian data fiduciary shall be barred from profiling, tracking or behaviorally monitoring of, or targeted advertising directed at, children and undertaking any other processing of personal data that can cause significant harm to the child.

This provision will prevent the virtual educational organizations from evaluating the students though it is required for promoting the students from one level to another.

The profiling of the behaviour also happens in Games when people are promoted from one level to another. Many sportspersons like Abhimanyu and earlier Vishwanathan Anand who became Grandmasters in Chess were critically evaluated and monitored in their virtual gaming environment.

There is therefore a need to provide for some exemptions under Section 16(5) because the words “Barred” restricts the ability of the DPA to approve any particular processing situations from the operations of this section.

Perhaps replacing the words “shall be barred” with words “May be prohibited” may suffice. The DPA at the time of registering the Guardian Data Fiduciary and the Privacy By Design Policy can clear specific projects where the intention is not to exploit the children for advertisements on Chocolates or Maggie but to be used for other beneficial uses including monitoring of  the educational progress.

Hope some MP like our own Mr Tejasvi Surya or Rajeev Chandrashekar takes up such amendments when the Bill comes for debate in the Parliament.

Naavi


Footnote: A suggestion made on Section 37 after the closure of JPC proceedings, requested to be taken up during the Parliamentary debate.

Current version:

Power of Central Government to exempt certain data processors.:

“The Central Government may, by notification, exempt from the application of this Act, the processing of personal data of data principals not within the territory of India, pursuant to any contract entered into with any person outside the territory of India, including any company incorporated outside the territory of India, by any data processor or any class of data processors incorporated under Indian law.”

Suggested version:

Power of Central Government to exempt certain Data Fiduciaries or data processors:

“The Central Government may, by notification, exempt from the application of this
Act, the processing of personal data of data principals not within the territory of India,
pursuant to any contract entered into with any person outside the territory of India,
including any company incorporated outside the territory of India, by any data
fiduciary or data processor or any class of data fiduciaries or processors incorporated
under Indian law.”

Another recommendation regarding this section has already been submitted to the JPC as follows:

Provided further that the terms in such contracts shall not contravene any applicable Indian law and No liability under the contract shall be enforceable against the Indian entity except with the prior approval of the Authority.

(Please refer point 16 in this document)

Also refer: 

Recommendations to JPC

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.