The Unique Identification Authority of India (UIDAI) has requested an exemption from the Personal Data Protection (PDP) Law. UIDAI officials told the Joint Parliamentary Committee on Data Protection Bill 2019 at its Bengaluru headquarters on Thursday that the authority is already controlled by the Aadhaar Act and that there can’t be any duplication of legislation.
Ironically, it was the need for Aadhaar for many critical businesses, including banks, that sparked the discussion over data privacy. The report published by a Committee of Experts led by Justice B.N. Srikrishna was the source of inspiration for this Bill. During the Supreme Court’s hearings on the right to privacy issue, the government formed the committee (Justice K.S. Puttaswamy v. Union of India).
The controversial section 35 of the Personal Data Protection (PDP) Bill 2019 invokes “Indian sovereignty and integrity,” “public order,” “friendly relations with foreign states,” and “state security” to give the Central government the authority to suspend all or any of the Act’s provisions for government agencies.
According to insiders, the UIDAI sought that it be granted a blanket exemption from the act under this clause at its meeting with the Joint Parliamentary Committee. It further claimed that the Aadhaar Act already governs it and that the PDP bill would be counterproductive.
This isn’t the first time the UIDAI has taken a position like this. The Authority had made a similar demand, according to a panel member who spoke on the condition of anonymity, during the early stages of discussions.
There are sections in the 2019 Bill that may be interpreted in a variety of ways. “Section 12 of the 2019 Bill affords UIDAI some freedom from the rigours of the Bill since it allows for data processing for the provision of a service or benefit to the data principal,” according to Prasanth Sugathan, Legal Director, Software Freedom Law Centre. Even so, advance notification is required.”
According to sources, UIDAI isn’t the only organisation that wants to be excluded. “We are concerned that, if enacted in its current form, the Bill would result in the creation of two different ecosystems.” One with government entities that will be totally exempt from the regulation, allowing them unlimited latitude in dealing with personal information. The second group will be private data fiduciaries, who will have to comply with every word of the law,” one of the participants said.
The committee is on the road, meeting with different data fiduciaries for a last round of talks on “operational difficulties” in the law’s implementation. The group, which has already been granted five extensions, must present its findings during Parliament’s forthcoming winter session.
The committee met with representatives from Tata Consultancy Services, NABARD, and SBI in Mumbai. Meetings with Infosys, Wipro, and other IT businesses have taken place in Bengaluru.
Source: The Hindu