Tsaaro Welcomes JPC Recommendations With Regards to Data Protection Bill, 2021

Mr Akarsh Singh, CEO & CoFounder, Tsaaro

Tsaaro, India’s leading Data Privacy and Consulting company, welcomes the Joint Parliamentary Committee’s (JPC) recommendations on renaming the Draft Personal Data Protection Bill 2019 to ‘Data Protection Bill 2021’, entailing provisions on non-personal data as well. This Bill is an attempt to bring India into compliance with global data rules and to control the uncharted waters of personal data privacy.

Recently, Tsaaro asked about 200+ Data Privacy Professionals about their expectations from India’s Personal Data Protection Bill and here’s what we found out through Tsaaro’s Survey on People’s Expectations from the Draft Personal Data Protection Bill, 2019.

“The need for the Survey arose because we at Tsaaro saw the gap between the Data Protection Bill draft and the expectations people had in their minds from the Bill. While we understand that every organization will have to ensure compliance once the Bill is passed, it is necessary to keep in mind that the rights of the individual are protected.”, said Akarsh Singh, CEO & Co-founder of Tsaaro.

When participants were asked whether the Bill fares well when compared to other global privacy laws such as the GDPR, CCPA & the PIPL, 51% stated that they do believe that the Bill is on par with the other laws. We are glad to see that the JPC has made recommendations and changes to make the bill stand toe to toe with leading legislation. Various GDPR provisions are used as a reference and which makes sure that Indian law will fare well against other statutes.

When participants were asked whether they agree that now Social Media giants such as Instagram or Facebook etc. will have to ensure compliance as per the Indian Regulations, a majority of 93% agreed that such platforms will have to adhere as per Indian Privacy Laws now. Recommendation 5 of the JPC, speaks in favour of the same and now Social media companies will be considered as data fiduciaries and will be liable for the content posted on their platform. When it comes to data localization, as per Recommendation 10 of JPC, it was observed that national security is of paramount importance and India can’t compromise it on the grounds of promotion of businesses.

The JPC’s recommendation, however, takes that one step further. The JPC is of the opinion that Indians’ sensitive and critical personal data that is “already” in possession of foreign firms and is stored on servers overseas even by such social media giants should be mirrored in India. As the Bill aims to protect the rights of individuals, it is important for us to understand the expectations of people; the ones who will be the data subjects under the law and we are glad to see most of the recommendations of participants of the survey being considered by the JPC.

“The Committee also desires that proper utilization of revenue generated out of data localisation may be used for welfare measures in the country especially to help small businesses and startups to comply with data localization norms,” the JPC draft report on the data protection bill reads.