Recommendations made by the Joint Parliamentary Committee on the Personal Data Protection Bill might lead to a higher compliance burden on start-ups, as per the Internet & Mobile Association of India (IAMAI).
The IAMAI in a statement suggested the formation of an expert group to be set up to study the impact of these recommendations on start-ups.
Watch the BuzzInContent Awards 2021 promo:
The Joint Committee on Personal Data Protection Bill, 2019, headed by MP PP Chaudhary, had submitted its report on Thursday.
The IAMAI in its statement released on Friday said that “Prima facie it seems that the draft that was put out in 2019 after the widest possible consultations has changed fundamentally, including the title of the bill from Personal Data Protection Bill to Data Protection Bill. Certain other deviations such as the recommendations that social media intermediaries could become publishers in certain circumstances and a few aspects of data localisation norms change the original structure of the bill substantially.”
IAMAI said that the report currently encompasses non-personal data within the personal data protection bill which is contrary to the recommendations of the expert committee appointed by MEITY to develop a framework for non-personal data governance.
It further said that the requirement on DPA to consult the Central Government before issuing any approvals or decisions on cross-border data flows would create an incredibly slow and cumbersome process for decisions and would mitigate the autonomy and efficiency of a specialised body such as the DPA.
The organisation also raised its concerns on the recommendation of imposing age restrictions of 18 years on certain services that will exclude an important demographic from the digital ecosystem and will contradict most data regimes that create enabling provisions for 13-18 years.
It, however, expressed the belief that the government will continue the transparent and consultative ethos under which the earlier draft bill was developed and urge further deliberations on the report.
Certain provisions in the report such as the new requirement for hardware/device testing need to be discussed with the industry as the outcomes of such a mechanism are not clear given that data fiduciary is already legally accountable for complying with the law, it said.
The bill will impinge upon the IP rights of the companies as part of the new requirements on data portability and algorithmic transparency. These objectives can be achieved without compromising on trade secrets.