Report of the Parliamentary Standing Committee on Communications and IT on the subject of ‘Citizens’ data security and privacy’ relating to MeitY has been presented before the Lok Sabha today at 2:11 PM.
The meeting of the Lok Sabha Standing Committee on Communications and IT took place on July 26, 2023, 10 AM onwards.
Last month, IFF wrote to the Committee Chairperson and Members about the “Citizens’ data security and privacy”. We highlighted the numerous data breaches and cyber attacks which are made worse by the lack of a data protection law.
In our representation, we primarily focused on four aspects: Cert-In, Section 43A, Information Technology (IT) Act, 2000, the draft Digital Personal Data Protection Bill, 2022 (DPDPB, 2022) & the National Data Governance Framework Policy (NDGFP, 2022).
Concerning Cert-In, we requested review of directions dated April 28, 2022 to ensure fundamental rights of individuals are upheld with the help of consultations from cyber security experts and other civil society members.
We highlight the limited application of Section 43A, IT Act, 2000, and IT Rules, 2011 to ‘sensitive’ data and the provision forbidding adjudication of a dispute where data in custody of the government is breached. Worryingly, the present DPDPB, 2022 removes this provision.
We even highlight the myriad of issues with the DPDPB, 2022 including vagueness of the draft, excessive delegation to executive for rule-making, consent being “deemed” in certain situations, expanded exemptions & the lack of independence of the Data Protection Board, etc. We also highlighted the lack of privacy safeguards associated with data sharing mechanisms under NDGFP, 2022.