🚨Day 1 of MediaNama’s conference on Decoding India’s Data Protection Bill is going live soon #DataProtectionBill2021 
We will begin with an opening keynote by @mpriteshpandey (Lok Sabha MP and Member of JPC on PDP Bill), followed by sessions on Obligations of Data Fiduciaries and Cross Border Data Flows. #DataProtectionBill2021
The discussion will be live streamed at . Please feel free to share this link on social media or with friends/colleagues who might be interested. #DataProtectionBill2021
We had shared a reading list with participants prior to the discussion. You may find the reading list at medianama.com/2022/01/223-sp… #DataProtectionBill2021
Decoding India’s Data Protection Bill is now being live streamed. We would like to thank our partner @adif_India for helping us put this together.
LIVE 🔴 | Lok Sabha MP Ritesh Pandey, Member of the Joint Parliamentary Committee on the Personal Data Protection Bill, is now delivering the keynote address at MediaNama’s Decoding India’s Data Protection Bill. #DataProtectionBill2021
JPC approached Bill, with humility and as a work in progress. Although imperfect, this must be noted. - @mpriteshpandey #DataProtectionBill2021
@mpriteshpandey JPC has recommended data localisation to move beyond sensitive and critical personal data over time. This will bring economic benefits. While contentions, one cannot deny global trend leading towards it. - @mpriteshpandey #DataProtectionBill2021
The new rules proposed by JPC for data breaches will ensure the much needed accountability from companies and gives DPA power to judge situation based on severity. - @mpriteshpandey #DataProtectionBill2021
Unfettered access to personal data by the State is potentially unconstitutional. The Bill extends the surveillance power of the government and creates two parallel universe - one for private and one for govt. - @mpriteshpandey #DataProtectionBill2021
Govt should restrict its interference in the working of the DPA. Members of DPA must be impartial and not under the influence of any party. We need flat hierarchical structure in the Selection Committee. - @mpriteshpandey #DataProtectionBill2021
Age of consent is inflexible in current Bill. It looks at age of consent from a contract perspective. But 14 years is a better choice when looking at it from a child psychological development point of view as well as for parity. - @mpriteshpandey #DataProtectionBill2021
We must consider adequacy requirements. Compatibility between regimes is necessary for seamless cross-border data flows. But the government powers in Clause 35 and 37 among others pose problem to adequacy. - @mpriteshpandey #DataProtectionBill2021
Despite the shortcomings, Bill is truly seminal and it is wide-reaching in shaping the years to come by introducing much needed checks and balances - @mpriteshpandey #DataProtectionBill2021
Large section of children do not have digital literacy necessary to keep themselves safe and a lot will be using the Internet. This is why Bill has added specific safeguards in terms of banning profiling, targeted ads concerning children.- @mpriteshpandey #DataProtectionBill202
Critical personal data has been left unspecified to allow for the government to work with DPA to come up with them. But what we talked about is things like iris scans, certain health info, etc. - @mpriteshpandey #DataProtectionBill2021
Why was non-personal data brought under the Bill? -@nixxin JPC wanted to have one data protection regime and leave scope for both personal and NPD to be considered by a single DPA. Having it spread over many places might be cumbersome. @mpriteshpandey #DataProtectionBill2021
Having state specific DPAs has a lot of benefits. For example it opens up competition between states to make regulations to attract businesses. Or having different age of consent based on state demographic. - @mpriteshpandey #DataProtectionBill2021
Govt under the garb of national security, public order is taking privileges and asking people to trust them, but this going to be constitutionally tested and I hope judiciary sides with the people. - @mpriteshpandey #DataProtectionBill2021
Session 1 on Obligations of Data Fiduciaries will begin shortly. To access comprehensive reporting and discussions on Indian tech policy, subscribe to MediaNama: medianama.com/subscription. #DataProtectionBill2021
LIVE 🔴 | Our first session is on Obligations of Data Fiduciaries where we’ll aim to understand what companies have to do as per the Data Protection Bill 2021, from consent requirements and age-gating, to data breaches and redressal mechanisms. #DataProtectionBill2021
Session Chair: Nikhil Pahwa @nixxin, @medianama; Speakers: @nehaachaudhari (Equity Partner, @ikigailaw), Ulrika Dellrud (CPO, @PayUindia), Uthara Ganesh (Head of Public Policy, @Snapchat India), @udbhav_tiwari (Public Policy Advisor, @Mozilla) #DataProtectionBill2021
Watch Session 1 on Obligations of Data Fiduciaries live: #DataProtectionBill2021
Social media platforms being classified as publishers under the latest Bill by JPC contradicts what IT Rules did. So this is causing confusion for us at Snap and other platforms. Don't see anything like this in the GDPR. - @utharaganesh #DataProtectionBill2021
18 as age of consent is much higher than US, UK, and EU. Effectively cuts down large portion of population and takes away autonomy from people. For Snap the problem is parents are not users, so consent flow will be off platform such as email-@utharaganesh #DataProtectionBill2021
Age verification process is also a risky one because it will require some kind of govt ID, which has privacy ramifications. Complexity has not been acknowledged by Bill. - @utharaganesh #DataProtectionBill2021
Bill is much needed, we welcome it. Like many privacy regulations, it takes from GDPR. One thing we would like to change is that not all financial data should be considered as sensitive. - Ulrika Dellrud @PayUindia #DataProtectionBill2021
Also we already have RBI as regulator for many of the payment related data. So the Bill should leave some of the regulation to sectoral regulators. - Ulrika Dellrud #DataProtectionBill2021
Compliance burden for companies will depend on how data protections practices are currently in your company. Can't paint a broad brush. - @nehaachaudhari #DataProtectionBill2021
It's good to approach implementing the Bill's requirements as privacy first and privacy by design thinking from day 1. That's an overarching rule. - @nehaachaudhari #DataProtectionBill2021
Consent is pretty much the only ground for processing data, which is onerous to companies. GDPR has other grounds as well such as legitimate interests. DPA can add legitimate interests as an exception to our Bill as well - @nehaachaudhari #DataProtectionBill2021
Right to data portability is quite expansive and worrying because it doesn't limit itself to just data that users give platforms but also data that platforms themselves generate. - @nehaachaudhari #DataProtectionBill2021
Bill creates two sets of obligations, one for private sector and one for govt. Many checks and balances that existed in earlier drafts don't exist anymore. - @udbhav_tiwari #DataProtectionBill2021
Bill forces companies to set protection for Indian users, which might make companies start making India specific versions of platforms that are not as feature-enabled as global ones. - @udbhav_tiwari #DataProtectionBill2021
If Bill passes in current form, very hard to imagine other countries agreeing to adequacy, making the process of cross border data flow even more cumbersome. - @udbhav_tiwari #DataProtectionBill2021
Many provisions like age of consent, cross-border data flows are making some companies think of not operating in the country - @udbhav_tiwari #DataProtectionBill2021
Current procedure we follow at Snap for government data requests is according to IT Act, but with the new Bill will they have unfettered access to data is something we are concerned about. - @utharaganesh #DataProtectionBill2021
DPA has a hard role to play and needs lots of resources because a lot of the Bill revolves around them. So the resource capability of DPA is something to think about. - Ulrika Dellrud @PayUindia #DataProtectionBill2021
Concurrent audit, a practice encouraged by the Bill, is a fairly technical term but unlike a typical audit which happens at end of certain periods, concurrent audit is always on and it's far more granular. - @udbhav_tiwari @nehaachaudhari #DataProtectionBill2021
Transparency is always welcome, but when it comes to the algorithmic transparency provision, does it help the user? It should describe impact on user but that is not easy to do. - Ulrika Dellrud #DataProtectionBill2021
Algorithmic transparency provision is super broadly worded. There are several use cases and regulation should account for specific cases rather than one size fits all cause that is adverse for innovation. - @utharaganesh #DataProtectionBill2021
Algorithmic transparency provision is currently like passing a data protection law with one line saying "protect data." It's vague and not explained. - @udbhav_tiwari #DataProtectionBill2021
Including psychological harm as harm in the latest version of the Bill is interesting when you get to the bottom of what that term means and how it will affect what many companies are going. I would define it more narrowly. - @udbhav_tiwari #DataProtectionBill2021
Most global laws have exceptions on using data for investigation purposes but they usually have some caveats, but in this case it doesn't seem to be restrictive. - @udbhav_tiwari #DataProtectionBill2021
Fresh consultation must be called for because a lot has changed in the Bill and lot has changed in the ecosystem. - @utharaganesh #DataProtectionBill2021
Some change that will be welcome: The clause on data quality clause 8(4) should go, NPD data should not be under this Bill, cross-border data flow restrictions should be reworked, introduce new grounds for data processing - @nehaachaudhari #DataProtectionBill2021
People have said this so many times but it merits repeating: the DPA should be more independent. It is important because more and more power is going away to the central government. Also independent DPA is better for companies. - @udbhav_tiwari #DataProtectionBill2021
Wish list: Lower age of consent, leave age verification mech to DPA, reduce cross-border transfer restrictions, remove algorithm transparency provision and allow NITIAayog to work on that separately - @utharaganesh #DataProtectionBill2021
NPD in this Bill is too premature but if it remains it must be clear what provision apply to NPD. - Ulrika Dellrud #DataProtectionBill2021
Are you interested in supporting future discussions at the cutting edge of Indian tech policy? Please reach out to us at medianama.com/events #DataProtectionBill2021
LIVE 🔴 | Our second session is on Cross Border Data Flows where we’ll aim to understand how the new Data Protection Bill will affect companies that send and process data abroad. #DataProtectionBill2021
Session Chair: Prasanto Roy @prasanto; Speakers: @AA_speaks (@nasscom), Jyotsna Jayaram (Partner, @TrilegalLaw ), @sijokuruvilla (Executive Director, @adif_India) and Rahul Sharma @wisdom_stoic (Founder, The Perspective and Grade Ace.) #DataProtectionBill2021
Watch Session 2 on Cross Border Data Flows live: #DataProtectionBill2021
On #DataProtectionBill2021 It brings in a whole lot of interesting views. All the relevant views were gathered but what they are doing with it is a different question. - @prasanto
I was in a panel with European Commission. The concerns which came up were exceptions for government and law enforcement raises questions for European Union @prasanto #DataProtectionBill2021
India processes the data of the whole world. India has a $200 billion services industry which includes American and European data. @prasanto #DataProtectionBill2021
When the JPC report came in, I was expecting an avalanche of queries but nothing came in the first 24 hours. It assumes that storage of data in India is needed for data protection @AA_speaks #DataProtectionBill2021
Data localisation has weakened adequacy and privacy. The state can process any data without consent which is problematic @AA_speaks #DataProtectionBill2021
The state can exempt any agency if it finds it expedient in the interest of sovereignty. The exemption is not for activity but the agency itself . It is a weak standard @AA_speaks #DataProtectionBill2021
@AA_speaks The govenrment and the JPC report seem to be struggling with balance and think that they need data localisation. The industry is concerend with that. @AA_speaks #DataProtectionBill2021
It is sort of sad that we have reconciled with this kind of data localisation. I am not surprised. The report has only made it far more restrictive. - #JyotsnaJayaram #DataProtectionBill2021
We have no certainty on what sensitive personal data. A lot of it is up in the air from a compliance perspective. We do not know what is critical personal data. -#JyotsnaJayaram #DataProtectionBill2021
On concerns regarding the bill, we need to look at two different angles: inflow and outflow of data. The inflow of data concerns foreign nationals. @wisdom_stoic #DataProtectionBill2021
We might see mushrooming of processing which might not be legal in Indian laws. However, the companies might be required to perform those services under contractual obligations @wisdom_stoic #DataProtectionBill2021
When we talk about data that flows out, it covers transfer of only sensitive and critical personal data. It does not talk about the transfer of personal data. @wisdom_stoic #DataProtectionBill2021
It leaves a lot of unanswered questions What are the conditions of personal data? Who makes the rules for it? We need to figure that out. -@wisdom_stoic #DataProtectionBill2021
If I understand correctly, it seems to me that the authority in consultation with the central government can allow transfer of personal for a very specific purpose - @wisdom_stoic #DataProtectionBill2021
From a data protection standpoint, this is a clear acknowledgement that we are moving towards a data-based economy - @sijokuruvilla #DataProtectionBill2021
The fact does remain that there are concerns from a data sovereignty point. Some of these aspects are not laid out clearly. If we look at exemptions, they have only mentioned a cursory line. - @sijokuruvilla #DataProtectionBill2021
There is a certainly a lot of awareness lacking on how much the bill is going to impact them. The popular discourse is around the rights part of the bill - @sijokuruvilla #DataProtectionBill2021
There is every reason for businesses to be anxious. It is pretty straightforward that it is going to increase compliance costs. The cost of innovation will have multiplier impact - @sijokuruvilla #DataProtectionBill2021
The space is evolving a lot. A lot of focus will need to go into that we have data infrastructure as a country. Government exemptions will impact adequacy - @sijokuruvilla #DataProtectionBill2021
@sijokuruvilla Lack of awareness at the smaller enterprise level. When we think of IT-BPM industry at large, we have had exposure due to GDPR. It is in the interest of the government that industry is not tied down over compliance - @AA_speaks #DataProtectionBill2021
We do not know the shape and form of exemption so industry will keep worrying. Why do we need exemptions? The reason you come up with exemptions is because laws have come up with exceptions that they do not normally do - @AA_speaks #DataProtectionBill2021
The fact that state exemptions should not apply to processing of foreign data in India. Fix those things where you put conditions that normally do not apply. - @AA_speaks #DataProtectionBill2021
You are potentially undermining adequacy. The reason cross-border data flows is problematic is the way we have classified sensitive personal data. - @AA_speaks #DataProtectionBill2021
The bill does not come to a conclusion on how to generate templates. The bill borrows a lot from the GDPR - #JyotsnaJayaram #DataProtectionBill2021
I am hoping that given it is not firmed up when it comes up for consultation. Hoepfully, It will come into a more templatised manner. #JyotsnaJayaram #DataProtectionBill2021
There is a challenge that if we do not get it right it becomes very cumbersome. We have had a history of paperwork becoming onerous. It might impact the ease of doing business if we do not get right. - @sijokuruvilla #DataProtectionBill2021
The DPA will play as significant role as RBI does for the economy. The trust and faith in the DPA will be a siginificant factor. All our anxieties will be tied to its functioning - @sijokuruvilla #DataProtectionBill2021
The point of concern is once you exempt contracts then company is free to sign any contract. There are no checks and balances then. We need to have certain moral principles or ethical principles for data processing. - @wisdom_stoic #DataProtectionBill2021
There is confusion over when you talk about getting single contract approved by the DPA or it will be based on model contracts. - @wisdom_stoic #DataProtectionBill2021
India and EU in their last joint statement they have expressed their desire to have a dialogue on reciprocal adequacy. There is only one example with Japan - @wisdom_stoic #DataProtectionBill2021
I think there is a reason why we are not seeing any change because the government is looking at data localisation for a different purpose. - #JyotsnaJayaram #DataProtectionBill2021
We should look at data localisation separately from cross-border data transfers. #JyotsnaJayaram #DataProtectionBill2021
The impact is manifold. It challenges the promise of internet as an innovation platform. The government is looking at it from a different lens. It is arbitrary. @sijokuruvilla #DataProtectionBill2021
There will be lot of questions of liability and compliance burdens. This has happened in RBI regulations when there is enormous complexity in regulations - @prasanto #DataProtectionBill2021
An average small ecommerce store will have 35 average plug-ins. There are a lot of tools in which we optimise productivity. These are use cases which will run into a challenge. @sijokuruvilla #DataProtectionBill2021
From an antitrust point of view, you will have more concentration of fewer players. @sijokuruvilla #DataProtectionBill2021
There seems to be concern among players who in the geospatial space from a data protection law standpoint. @prasanto #DataProtectionBill2021
It is important to see how we are going to read all of this together like geospatial, telecom, finance - #JyotsnaJayaram #DataProtectionBill2021
It does bring about subjectivity. No benchmarks to see what this is going to be contained under. I find it very strange that it is put in intra-group transfers - #JyotsnaJayaram #DataProtectionBill2021
If you look at EU, European Commission issues model contracts and DPA ensures its implementation. I think that the decision whether data transfer needs to be done or not, it should be in hands of central government and not DPA - @wisdom_stoic #DataProtectionBill2021
The central government needs to ensure adequacy. The capacity of DPA to look at it is challenging. There needs to be due consideration on how it will be actualised - @wisdom_stoic #DataProtectionBill2021
The huge unintended consequence is subject to scrutiny on a wide kind of ground like state or public policy. It causes ease of doing business problem. - @AA_speaks #DataProtectionBill2021
I do not think localisation is criteria when it comes to asserting adequacy. @wisdom_stoic #DataProtectionBill2021
Wish list: With the present bill, the definition of who is a data fiduciary is any individual so the categorisation needs a relook. - @sijokuruvilla #DataProtectionBill2021
What we lack in strategy, we are trying to implement through laws. We need to lay down a data-defining strategy for the nation. It will be more coherent then. @wisdom_stoic #DataProtectionBill2021
We should have this law enacted and this law to come into force. When we think of law, the objective of data protection, they have made progress. It should not hamper innovation - @AA_speaks #DataProtectionBill2021
I think it is important to realise in context of implementation that we do not pass a law which is unworkable. I hope there are meaningful consultations and codes of practice when they come in. - #JyotsnaJayaram #DataProtectionBill2021
The smartest people in tech policy read MediaNama. Subscribe today to access our reporting, member-only discussions and much more medianama.com/subscription. If you would like to support discussions like this one, please reach out at medianama.com/events #DataProtectionBill2021
And that’s a wrap! Thank you for joining us for the first of Decoding India’s Data Protection Bill. We hope to see you again tomorrow. #DataProtectionBill2021
We’d like to thank our sponsors Meta, Flipkart, Google and Star India for supporting us. We are thankful to our partner, Alliance of Digital India Foundation (@adif_India) for their help in putting together this programme. #DataProtectionBill2021
In case you wish to revisit the video of this discussion, it’s available on YouTube #DataProtectionBill2021
• • •
Missing some Tweet in this thread? You can try to
force a refresh
