Panel on data protection bill recomnends greater accountability of social media platforms

New Delhi [India], December 16 : The joint parliamentary committee on personal data protection bill has recommended that all social media platforms, which do not act as intermediaries, "should be treated as publishers and be held accountable for the content they host".
In its report submitted in the Parliament on Thursday, the panel recommended that "all social media platforms, which do not act as intermediaries, should be treated as publishers and be held accountable for the content they host".
"A mechanism may be devised in which social media platforms, which do not act as intermediaries, will be held responsible for the content from unverified accounts on their platforms," the report added.
Referring to social media intermediaries, the panel said once the application for verification is submitted with necessary documents, they "must mandatorily verify the account".
The committee has also recommended that no social media platform should be allowed to operate in India unless the parent company handling the technology sets up an office in India.
It said the "designated intermediaries may be working as publishers of the content in many situations, owing to the fact that they have the ability to select the receiver of the content and also exercise control over the access to any such content hosted by them".
"Therefore, a mechanism must be devised for their regulation," it said.
The committee has recommended that a statutory media regulatory authority on the lines of the Press Council of India may be set up for the regulation of the contents on all such media platforms irrespective of the platform where their content is published, whether online, print or otherwise.
Expressing its concern over the forms and procedures provided for reporting of instances of data breach by the data fiduciary, the panel suggested some specific amendments at appropriate places in the existing Clause 25 of the bill.
The committee has also desired that there should be specific guiding principles to be followed by Data Protection Authority while framing the regulations in this regard.
The committee desired many guiding principles to be incorporated. Of them, one was that the the Authority while posting the details of the personal data breach under Clause 25(5) should ensure that the privacy of the data principals is protected.
It said where the data principal has suffered immaterial or material harm owing to the delay in reporting of the personal data breach by data fiduciary, the burden to prove that the delay was reasonable shall lie on the data fiduciary.
The data fiduciary shall be responsible for the harm suffered by the data principal on account of delay of reporting of the personal data breach and the authority should ask the data fiduciaries to maintain a log of all data breaches (both personal and non-personal data breaches).
"It should be reviewed periodically by the Authority, irrespective of the likelihood of harm to the data principal," the panel said.
It said "temporary reprieve to data fiduciary may also be an area of concern when data breaches occur inspite of precautions as an act of business rivalry or espionage to harm the interest of the data fiduciary".
"In such cases, the Data Protection Authority may use its discretion to authorize temporary order on non-disclosure of details if it doesn't compromise the interests of data," the panel said.
The Joint Committee on Personal Data Protection Bill, 2019 is headed by BJP Lok Sabha member PP Chaudhary.
Seven MPs - Jairam Ramesh, Gaurav Gogoi, Manish Tewari and Vivek K Tankha of Congress, TMC's Mahua Moitra, BSP's Ritesh Pandey and BJD's Amar Patnaik - gave dissent notes.