New Delhi: A parliamentary panel on December 16, Thursday, recommended tougher norms to regulate social media platforms by holding them accountable for the content they host while asserting that it is imperative to store data in India and restrict access to it by categorising it as sensitive and critical personal data.
It recommended widening the scope of proposed data protection legislation to include both personal and non-personal data with “a single administration and regulatory body”, and sought greater accountability for social media platforms by treating them as ‘publishers’.
Raman Jit Singh Chima, Asia-Pacific policy director at Access Now, a global tech policy think tank told Hindustan Times that the panel’s proposal to treat social media companies as publishers and determine their liability “is a first for any data protection law”.
The report, however, did not recommend any major dilution of the contentious exemption clause, which gives powers to the government to keep any of its agencies outside the purview of the data protection legislation. Clause 35 of the Bill grants sweeping powers to the government to exempt any of its agencies from the provisions of the Bill and Data Protection Act.
Privacy advocates have been opposing the said provision, and some opposition members of parliament (MPs) too had flagged concerns through their dissent notes.
“The committee has added “reasonable and necessary” to Clause 35, but it is no safeguard and can be easily circumvented. The committee should have recommended the deletion of this clause in entirety,” Chima told the newspaper.
Also read: Privacy Delayed Is Privacy Denied
The 30-member Joint Committee on Personal Data Protection Bill, 2019, headed by Bhartiya Janata Party MP P.P. Chaudhary, tabled its report in both houses on December 16, after two years of deliberations.
The key takeaways from the report include widening the scope of the draft legislation to also cover non-personal data, tighter regulation for social media platforms along with the establishment of a statutory media regulatory authority on the lines of Press Council of India.
The committee in its report observed that since India has become a big consumer market, there is a large collection, processing and storage of data happening daily.
“…the committee opined that it is imperative to store data in India and to restrict access to it by categorising them as sensitive and critical personal data, thus giving impetus to data localisation,” the report said.
The committee’s report made it clear that “India may no more leave its data to be governed by any other country”.
“The committee, considering the immediate need to regulate social media intermediaries have expressed a strong view that these designated intermediaries may be working as publishers of the content in many situations, owing to the fact that they have the ability to select the receiver of the content and also exercise control over the access to any such content hosted by them,” the report said.
The panel recommended that all social media platforms, which do not act as intermediaries, be treated as “publishers” and be held accountable for the content they host.
“Further, the committee has recommended that a statutory media regulatory authority, on the lines of Press Council of India, may be set up for the regulation of the contents on all such media platforms irrespective of the platform where their content is published, whether online, print or otherwise,” it said.
A mechanism should be devised where social media platforms, which do not act as intermediaries, will be held responsible for the content from unverified accounts on their platforms.
“Once an application for verification is submitted with necessary documents, the social media intermediaries must mandatorily verify the account,” said the report.
The changes it has proposed to the Bill include classifying social media platforms as significant data fiduciary.
The committee suggested that no social media platform should be allowed to operate in India unless the parent company sets up a local office.
It has sought to bring non-personal data in its ambit too, saying restricting the new legislation only to personal data protection or to name it as Personal Data Protection Bill is “detrimental to privacy”.
In their joint dissent note on the joint parliamentary committee (JPC) report, Rajya Sabha MP Derek O’Brien and Lok Sabha MP Mahua Moitra had criticised the excessive powers given to the government on various aspects and the inclusion of non-personal data in the Bill.
According to India Today, the committee has said that self-regulation and existing media regulators are insufficient and ill-equipped to regulate the journalism industry.
Therefore, the committee has desired that “Clause 36(e) may be amended to empower any statutory media regulator that the government may create in the future and until such time the government may also issue rules in this regard”.
Clause 36 of the Bill makes the “right to be forgotten” inapplicable to the processing of personal data by any court or tribunal in India that is necessary for the exercise of any judicial function.
(With inputs from PTI)