Committee on personal data protection bill suggests single regulatory body for personal, non-personal data

Dec 16, 2021

New Delhi [India], December 16 : Noting that non-personal data has also to be dealt within the legislation if privacy is the concern, the Joint Committee on Personal Data Protection Bill, 2019, has suggested creating a "single administration and regulatory body" to avert contradiction, confusion and mismanagement.
The committee, whose report was submitted in parliament on Thursday, has said that all data should be dealt with by one Data Protection Authority (DPA).
"Since the Bill provides for the establishment of one Data Protection Authority, we cannot have two DPAs one dealing with privacy and personal data and the other dealing with non-personal data," it said.
"The committee has, therefore, recommended that since the DPA will handle both personal and non-personal data, any further policy or legal framework on non-personal data may be made a part of the same enactment instead of any separate legislation," it added.
The report said that as soon as the provisions to regulate non-personal data are finalized, "there may be a separate regulation on non-personal data in the Data Protection Act to be regulated by the Data Protection Authority".
The committee has also "approved the objects and reasons of the Bill as these are in the nature of public policy as these suitably address the concerns that emerge out of the Puttaswamy judgment on privacy as a fundamental right and the broad recommendations of Justice B.N. Srikrishna Committee".
The committee has suggested changing the name of the bill and observed that to define and restrict the new legislation only to personal data protection or to name it as Personal Data Protection Bill is detrimental to privacy.
"The bill is dealing with various kinds of data at various levels of security and it is impossible to distinguish between personal data and non-personal data, when mass data is collected or transported," it said.
The committee noted that Clause 1(2) of the Bill does not provide for any timeline for implementation of the Act after issue of notification.
Observing that the implementation of the Act will be in phases, the committee felt that the period for implementation of various provisions may "not be too short or too delayed".
"Data fiduciaries and data processors would also require sufficient time for transition. No specific provision for transitional phase necessarily creates uncertainty for the concerned stakeholders," the repot said.
The committee has recommended that provisions of the Act shall be deemed to be effective not later than 24 months from the date of notification.
Suggesting that a phased implementation may be undertaken in order to ensure that within three months chairperson and members of DPA are appointed, it said the DPA should commence its activities within six months from the date of notification of the Act, the registration of data fiduciaries should start not later than ninne months and be completed within a timeline.
"Adjudicators and appellate tribunal commence their work not later than twelve months and provisions of the Act shall be deemed to be effective not later than 24 months from the date of notification of this Act," the panel said.
The report suggested that a comprehensive analysis and consultation with stakeholders should be undertaken by the government to discover and understand the technical or operational and managerial requirements for compliance of the provisions of the bill.
The government should ensure that in the process of implementation of each phase, it should keep the legitimate interests of businesses in mind, so that it does not detract, too far, from its stated objective of promoting ease of doing business in India, the report noted.
The Joint Committee on Personal Data Protection Bill, 2019 is headed by BJP Lok Sabha member PP Chaudhary.
The report contains two parts. The first part consist of general descriptions and 12 recommendations on data protection and privacy in connection with provisions made in the Bill.
The second part relates to clause by clause examination of the bill and contains 81 recommendations making modifications and more than 150 drafting corrections and improvements in various clauses of the legislation.