India - Report By The Joint Parliamentary Committee On The Personal Data Protection Bill, 2019.

20 January 2022

The Joint Parliamentary Committee (“JPC”) on the Personal Data Protection Bill, 2019 (“Bill”) presented its report (“Report”) in the parliament on 18 December 2021. The Report contains two parts, i.e., the major recommendations on data protection and privacy in connection with provisions in the Bill and the clause-by-clause examination of the Bill.

The JPC has recommended a phased implementation of the new data protection regime and suggested that all provisions of the Bill should be implemented within 24 (twenty four) months from its notification. Further, with respect to the Data Protection Authority of India (“DPA”), the JPC recommended that DPA should start its activities within 6 (six) months.

The JPC has also recommended to enlarge the scope of application of the law and include the regulation of non-personal data including anonymized personal data as well as personal data under the new proposed Bill. The DPA will be empowered for handling both personal as well as non-personal data.

The JPC has recommended that central government in consultation with all the sectoral regulators should develop a comprehensive policy on data localisation. It has also recommended that the central government should ensure that a mirror copy of all such data that is currently available with foreign entities should be mandatorily brought back into India.

The JPC has recommended that the DPA should regulate manufacturers that collect data through internet of things (IoT) and other similar devices. Further, it has recommended appropriate privacy certification processes for all digital and IoT devices to ensure the integrity of all such devices with respect of data privacy & protection.

The JPC in order to crystallise norms for reporting of data breaches has suggested a fixed time period of 72 (seventy two) hours for reporting data breaches to the DPA. The DPA after such breach may also direct the data fiduciary to report and post details on its website.

Other recommendations under the Report include social media platforms being subject to higher compliances, providing clarity on appointment of a data protection officer, additional layer of approval for cross-border data transfer, and wider representation by technical, legal experts on the selection committee for DPA appointment.

Please click here to read the Report.

For further information, please contact:

Souvik Ganguly, Partner, Acuity Law

al@acuitylaw.co.in

India – Report By The Joint Parliamentary Committee On The Personal Data Protection Bill, 2019.

Employer Sponsorship And Work Permits In Indonesia.

- Stephen Igor Warokka - SSEK,

Labor And Employment Law Updates From Indonesia And The World.

Gross Split Production Sharing Contracts: Commercial Insights From Indonesia’s MEMR Regulation No. 13 Of 2024.

- Fitriana Mahiddin - SSEK, SSEK

UK – Shifts Workers – A New Right To Reasonable Notice.

Hong Kong – Keepwell Deeds: A Workable Solution To PRC’s Foreign Exchange Control?

The Catch And Kill Of Non-Disclosure Agreements? New UK Guidance.

EU – Tightening The European Union’s Powers To Review Foreign Direct Investments.

Malaysia – General Average And Salvage.

- Philip Teoh - Azmi & Associates, Azmi & Associates

Role Of Technology In Legal Service Delivery.

Process Optimisation In Legal Teams: Improving Workflow Efficiency.

CONVENTUS LAW

OTHERS

India – Report By The Joint Parliamentary Committee On The Personal Data Protection Bill, 2019.

Register for your monthly Asia legal updates from Conventus Law

Footer

CONVENTUS LAW

OTHERS