Data Protection & Privacy

PDPB draft circulation within JPC by Nov. 15; exemptions raise eyebrows

The Joint Parliamentary Committee (JPC) on the Personal Data Protection Bill (PDPB) is likely to circulate its final draft report amongst its members by November 15, Entrackr reported. On 23rd July, the Lok Sabha gave an extension to JPC for the fifth time since it referred the bill to it first in 2019. The JPC now has time till the Winter Session of the Parliament to submit its report.

Earlier reports suggested that the new Chairman of the Committee PP Chaudhary proposed multiple changes to the bill. He also proposed to include both personal and non-personal data in the bill.

A lot of leeway through exemptions?

Section 35 of the PDPB allows the Central Government to exempt any agency of the Government from the application of the Act. An anonymous source told the publication that members have discussed the section “which allows blanket exemptions to government agencies from adhering to any and all provisions of the bill”. The person said:

“Many members of the committee, especially those who come from the non-ruling BJP, have asked to streamline Section 35 of the bill, fearing that it may give a lot of leeway to the central government and its agencies.”

According to a report in the Hindu, the Unique Identification Authority of India (UIDAI) and the Income Tax department have already asked the JPC to keep them outside the purview of the data protection bill.

The publication had, however, also reported that the Section has been retained. The Committee has recommended that the Government should submit in writing the reasons for seeking any such exemption. However, MPs who do not endorse this “middle path”, are likely to submit their dissent notes.

Decentralised Data Protection Authority?

The same source also revealed that many states have asked for a decentralised Data Protection Authority (DPA).

Section 41 of the proposed law provides for a ‘DPA of India’. The Central Government shall appoint this authority which shall be a body corporate. The selection panel, made of the Cabinet Secretary, the Secretary to the Ministry of Law, and the Secretary to the Ministry of Electronics and Information Technology, shall also appoint six whole-time members other than the Chairperson of the Authority.

The states want to allay concerns of a singular, all-powerful centralised DPA. Hence, the JPC Chairman may seek more time to consult with the states. He said:

“Many states have asked for a decentralised DPA and the chairman may seek some time to consult with the states.”

Another source said, “Many non-BJP state governments feel that the current structure of DPA gives the central government too much indirect control over how the data protection bill would be implemented.”

Meanwhile, Justice B.N. Srikrishna, the Chairman of the Committee on Personal Data Protection, has said that the government should pass PDPB before legislating on cryptocurrency.


Do subscribe to our Telegram group for more resources and discussions on tech-law & policy. To receive weekly updates, don’t forget to subscribe to our Newsletter.

Rohit Ranjan Praveer

Rohit is a practicing advocate at Delhi. Beginning as a tech enthusiast, Rohit always had a keen interest in computer forensics and information security. Building upon these fundamentals, he has undertaken extensive research on various techno-legal topics and continues his pursuit pass on valuable information to the masses, with a zeal to build something that outlasts him.​

Share your thoughts!

This site uses Akismet to reduce spam. Learn how your comment data is processed.