The Subhash Garg Committee’s report on Fintech has touched on several aspects of the industry. It has interalia recommended on two aspects which are immediately relevant for us as observers of ITA 2000 and PDPA.
Firstly it has recommended changes to ITA 2000, to bring in the documents kept out of ITA 2000 under Section 1(4).
The recommendation is as under
Para 2.4.6: Re-engineering Legal Processes for the Digital world
The Committee recommends review by Department of Legal Affairs of all such legal processes that have a bearing on financial services and consider amendments permitting digital alternatives in cases such as power-of-attorney, trust deeds, wills, negotiable instrument, other than a cheque, any other testamentary disposition, any contract for the sale or conveyance of immovable property or any interest in such property, etc., (where IT Act is not applicable), compatible with electronic service delivery by financial service providers.
These exemptions had come in due to some specific thoughts which were relevant in 1998-2000 when the law was drafted. There are certain changes that have occurred in technology that may warrant a rethink on some of the aspects. However, the steering committee was neither tasked to think about changes in ITA 2000 nor it had the necessary expertise.
Hence the suggestions can only be taken as nothing more than an indication to the Government and should be handled with care.
Secondly, the committee has also made suggestions regarding the powers of the proposed Data Protection Authority proposed under PDPA, as under.
Para 4.4.3: Coordination with Financial Regulators:
The Committee is of the view that in some cases, data privacy requirements in existing legislation may need to be reviewed in order to tailor them to the emerging data privacy legislation. The Committee also considers that given the fact that sectoral regulators are already taking steps to maintain the security and confidentiality of consumer data in their respective jurisdictions, some obligations the Data Protection Bill seeks to place on the DPA may be given to the sectoral regulators to discharge. Regulators must therefore carefully review their existing regulatory framework and identify any changes or modifications that may be required to the current regulatory framework.
It appears that the committee was apprehensive of the loss of power of some of the other authorities who may have to work as per the directions of the DPA. It is obvious that the DPA will respect the sectoral regulators and accommodate their views in the implementation of the Data Protection regulations. But there has been a tendency by different departments of the Government to come up with their own Privacy related regulations that could overlap with the PDPA and confuse the market players.
This should be avoided. Let the DPA come into existence as per law with suitable flexibility in defining the codes and practices in different sectors and then discussions can be had with individual sectoral regulators so that their views can be accommodated.