Personal Data Protection Bill referred to joint select committee of Parliament

The govt wants the draft law to be ready by the Budget session of parliament

Ravi-Shankar-Prasad-Data-Protection-Bill-PTI-LSTV Union Minister Ravi Shankar Prasad speaks in the Lok Sabha during the ongoing Winter Session of Parliament, in New Delhi | LSTV/PTI

The Personal Data Protection Bill was on Wednesday referred to a joint select committee of both Houses of Parliament.

A resolution moved by Union minister Ravi Shankar Prasad was passed by Lok Sabha by a voice vote.

The panel will have 20 members from Lok Sabha and 10 from Rajya Sabha. The Upper House will give names of the members it wants to send to the panel.

The move to refer it to a joint select committee was met with protest, with Congress MP Shashi Tharoor demanding that it be referred to a department standing committee on IT that he is heading, which is currently investigating the Pegasus snooping case.

Both the Congress and the Trinamool Congress (TMC) criticised the government for a growing "snooping industry" under its watch and alleged that the bill violated the Constitution. Electronics and Information Technology Minister Ravi Shankar Prasad refuted the charge and said a parliamentary panel could examine it in a most-detailed manner.

The government will move a proposal to send the bill to the proposed committee on Thursday, he said.

This, however, infuriated the opposition, which had called for the bill to be sent to the departmental standing committee headed by Tharoor, which had recently decided to take up the WhatsApp snooping case, despite reservations expressed by the BJP members on the panel.

Opposition parties walked out in protest as the House, where the ruling BJP-led NDA has a massive majority, allowed the minister to introduce the bill.

The proposed joint select committee will be exclusively dedicated to examining the bill in a "most detailed manner", Prasad said, adding that the government wanted the draft law to be ready by the budget session of Parliament, which starts by January-end.

When Tharoor rose to protest against the move, Prasad retorted, saying as the chairperson of the standing committee on information technology, he could not advocate his own cause.

The joint panel would have the sole agenda of going through the bill as the parliamentary standing committee had other bills to scrutinise, Prasad said.

Before the introduction, opposition members such as Adhir Ranjan Chowdhury of the Congress and Saugata Roy and Mahua Moitra of the TMC spoke against the bill, demanding that it be examined by the standing committee concerned.

Chowdhury said a "snooping industry" had grown and Prasad's ministry was "riddled with suspicions" about its conduct.

Roy said people's privacy was breached, referring to the row over the use of Israeli software Pegasus to spy on the WhatsApp communication of some people.

There was no necessity for the bill which, he said, would add one more layer of bureaucracy when the existing laws could deal with the matter.

They also cited a Supreme Court judgment that said privacy was a fundamental right to question the bill.

Prasad launched a strong defence of the bill, asserting that it had the apex court's mandate as the Supreme Court had underlined the need for a data protection law.

The bill was aimed at safeguarding people's rights and privacy, he said.

Privacy was a fundamental right but terrorists or the corrupt enjoyed no such right, Prasad said, citing the court's order.

The proposed law was prepared on the recommendations of the Justice Srikrishna Committee which, he said, had engaged in the "widest consultation".

The minister said the proposed law sought to divide people's data into three categories.

The information falling in the critical category would not be allowed to be taken out of the country and the one falling in the sensitive country could go out only with the user's consent, he added.

The definition of what constitutes critical personal data can be notified by the Central government, according to the bill.

The proposed law seeks bars on storing and processing of personal data by entities without the explicit consent of an individual.

It, however, provides for exemptions for "reasonable purposes" such as "prevention and detection of any unlawful activity including fraud, whistle-blowing, merger and acquisitions, network and information security, credit scoring, recovery of debt, processing of publicly available personal data and the operation of search engines".

The legislation provides for stringent ground rules for processing of personal and sensitive information of children, while mandating the processing of "critical" personal data only in India.

But data concerning health services and for complying with any law or court order could be processed without the consent of the owner, the draft bill said.

It also gives the power to the government to decide from time to time on the exemption list.

It also empowers the Centre to exempt any government agency from the application of the proposed legislation.