Par panel recommends extra accountability of social media platforms, non-personal knowledge regulation | India Information
New Delhi: A parliamentary body on Thursday recommended stricter norms regulating social media platforms by holding them accountable for the content they host, while stressing the imperative to store data in India and limit access to it by making it sensitive and critical data.
It recommended extending the scope of the proposed data protection legislation to personal and non-personal data with “a single administrative and regulatory authority” and sought greater accountability for social media platforms by treating them as “publishers”.
However, the report did not recommend any major dilution of the controversial exception clause, which gives the government the power to keep its agencies outside the scope of data protection laws.
Data protection lawyers have spoken out against the said provision, and some members of the parliamentary opposition (MPs) had also expressed concerns in their dissenting comments.
The 30-member joint committee on the 2019 personal data protection bill, led by BJP MP PP Chaudhary, presented its report in both houses on Thursday.
The most important findings from the report include the expansion of the scope of the draft law to include non-personal data, stricter regulation for social media platforms and the establishment of a statutory media supervisory authority based on the model of the Indian press council.
The committee noted in its report that as India has become a large consumer market, there is a large amount of data collection, processing and storage taking place on a daily basis.
“… the committee felt that it was imperative to store data in India and restrict access to it by making it sensitive and critical personal data, which gives a boost to data localization,” it said the report.
The committee’s report made it clear that “India must no longer leave its data to any other country”.
The committee has also advocated a framework for regulating hardware manufacturers who collect data along with software. She advocated a mechanism to certify all digital and Internet of Things (IoT) devices.
“Given the immediate need to regulate social media intermediaries, the committee has expressed a strong view that these nominated intermediaries can act as content publishers in many situations, given the ability to choose who is receiving the content and are in control exercise over access to such content hosted by them, “the report said.
The panel recommended treating all social media platforms that do not act as intermediaries as “publishers” and holding them responsible for the content they host.
“The committee also recommended that a statutory media regulator, modeled on the Indian Press Council, can be set up to regulate the content of all of these media platforms, regardless of the platform on which their content is published, be it online, in print or on other way, “it said.
A mechanism should be developed whereby social media platforms that do not act as intermediaries are held responsible for the content of unverified accounts on their platforms.
“As soon as the verification application has been submitted with the required documents, the social media intermediaries must verify the account,” says the report.
Proposed changes to the bill include classifying social media platforms as key data trustees.
The committee suggested that no social media platform should operate in India unless the parent company sets up a local office.
She has tried to include non-personal data in her scope as well and says restricting the new legislation to only protecting personal data or calling it a personal data protection law is “detrimental to privacy”.
Accordingly, it has proposed to change the title of the bill to the Data Protection Act 2021.
“The Committee therefore recommends that as the DPA (Data Protection Agency) processes both personal and non-personal data, any additional directive / legal framework on non-personal data can become part of the same enactment rather than separate legislation,” it said.
The committee’s suggestions are non-binding. The committee agreed that the legal provisions should be implemented within 24 months, so that data trustees and data processors have sufficient time to make the necessary changes to their policies, infrastructures and processes.
The committee said in its report that although there are provisions (in the draft law) for cross-border data transfers, “the central government needs to take some concrete steps to ensure that a mirror copy of sensitive and critical personal data that is already in the possession of the company is maintained foreign units must be brought to India on a timely basis “.
It proposed a 72-hour time limit for reporting personal data breaches. The panel has also advocated flexible sanctioning provisions for “data trustees” (who determine the purposes and means of processing personal data).
Accordingly, it recommended rephrasing the specific clause to include “as required, not to exceed” prior to the penalties imposed for breach of norms by data trustees.
The panel found that there is currently no single unified authority in the country that regulates the various forms of media, particularly the news media.
“In the opinion of the committee, the existing media regulators such as the Press Council of India are not adequately equipped to regulate the journalism sector, which wants to use modern communication methods such as social media platforms or the Internet in general,” it said.
In this context, the Committee considered the establishment of a statutory body for media regulation to be necessary in order to achieve the stated objectives.