IT Minister Ashwini Vaishnaw is looking to hold a closed-door meeting with legal experts and educators to understand the initial feedback (and pushback) from the industry concerning the Digital Personal Data Protection Bill (DPDPB), 2022.
“The idea is to understand the first impressions and the major pain points so far,” ET reported. “The government will also try to allay any fears that experts have raised so far on some of the contentious issues.”
The move to hold a meeting also comes on the back of IT minister Vaishnaw claiming that the data protection bill will be passed by August 2023. During an event in Bhubaneswar, he said, “Both the bills [DPDPB and Telecom bill] have been released for public consultation and a committee of the parliament is also vetting the bills. We have targeted to pass the bills by July-August next year,” he said.
The new round of the stakeholder meetings comes shortly after the minister of state for IT, Rajeev Chandrasekhar also held a meeting with stakeholders. Following this, he had said that the Bill does not intend to appoint a regulator and create regulation for the data ecosystem.
“That is down the road when we create a new bill for Digital India Act and the Bill narrowly focuses on data protection of consumers,” Chandrasekhar had said.
Problems With The Data Protection Bill
Experts are of the opinion that while the present draft of the Digital Personal Data Protection Bill gives a simpler framework, it also curtails the definition of personal data. Furthermore, experts have flagged the overarching powers that the central government and the data protection board will have post the legislation comes into play.
For instance, certain clauses such as ‘public order’ and ‘national security’ can be ambiguously deployed and misused to deny consent-based data collection and processing, legal experts have stated.
Another problem that comes out of a preliminary read is the legislation of non-automated digital data. That is, the definitions of ‘data’ seemingly exclude data collected over third-party applications, but are not counted as automated or digitised ‘data collection’. The Bill also excludes any mention of data breaches that have already occurred and the protection of data already on the dark web.