The Personal Data Protection Bill, 2019: How it differs from the draft Bill

Anurag Vaishnav - December 27, 2019

The Personal Data Protection Bill, 2019 was recently introduced in Parliament. The Bill has been referred to a Joint Parliamentary Committee for detailed examination, and the Committee is expected to submit its report by the last week of Budget Session, 2020. The Bill seeks to provide for the protection of personal data of individuals (known as data principals), and creates a framework for processing such personal data by other entities (known as data fiduciaries). It provides the data principal with certain rights with respect to their data, such as seeking correction, completion or transfer of their data to other fiduciaries. Similarly, it sets out certain obligations, and other transparency and accountability measures to be undertaken by the data fiduciary, such as instituting grievance redressal mechanisms to address complaints of individuals. Processing of personal data is exempted from the provisions of the Bill in certain cases, such as security of state, public order, or for prevention, investigation, or prosecution of any offence. The Bill also establishes a Data Protection Authority to ensure compliance with the provisions of the Bill and provide for further regulations.

As per the Statement of Objects and Reasons of the 2019 Bill, the provisions of the Bill are based on the recommendations of the report of the Expert Committee (Chair: Justice B. N. Srikrishna) which examined issues related to protection of personal data and proposed a Draft Personal Data Protection Bill, 2018.

In a previous blog, we provided a brief background to the 2019 Bill, explained why a Bill was brought for personal data protection and what are some of the key provisions of the Bill. In this blog, we look at how the 2019 Bill differs from the 2018 Draft Bill.

Table 1: Comparison of the provisions of the 2018 Draft Bill with the 2019 Bill

Provision	Draft Personal Data Protection Bill, 2018	Personal Data Protection Bill, 2019
Definition of personal data	Personal data pertains to characteristics, traits or attributes of identity, which can be used to identify an individual.	The Bill retains the definition and adds that such characteristics or traits will also include any inference drawn from such data for the purpose of profiling.
Sensitive personal data	Sensitive personal data includes personal data related to health, sex life, sexual orientation, financial data, passwords, among others. The Data Protection Authority can categorise any other personal data as sensitive personal data.	The Bill removes passwords from the category of sensitive personal data. The power to further categorise personal data as sensitive personal data will lie with the central government (in consultation with Data Protection Authority and the sector regulator concerned).
Rights of individual (data principal)	The data principal has certain rights with respect to their data such as obtaining confirmation on whether their data has been processed, seeking correction, transfer, or restriction on continuing disclosure of their data.	The Bill provides the right to erasure of personal data which is no longer necessary for the purpose for which it was processed, as an additional right for the data principal.
Non-consensual processing of personal data	Personal data may be processed without obtaining the consent of the individual on certain grounds. These include: (i) any function of Parliament or state legislature, (ii) if required by the State for providing benefits to the individual, and (iii) for reasonable purposes specified by the Authority, such as fraud detection, debt recovery, and whistle blowing.	The Bill removes the provision on any function of Parliament or state legislature as a ground for non-consensual processing of personal data. The Bill adds ‘operation of search engines’ as a reasonable purpose for which non-consensual processing of personal data may be allowed by the Authority.
Social media intermediaries	The draft Bill did not contain this term.	The Bill defines a social media intermediary as an intermediary which enables online interaction between users and allows for sharing of information. All social media intermediaries which are classified as significant data fiduciaries (fiduciaries with users above a notified threshold whose actions can impact electoral democracy or public order) must provide a voluntary user verification mechanism for all users in India.
Exemptions for the government for processing of personal data	The State is exempted from the provisions of the Bill while processing personal data in the interest of national security. However, such processing must be permitted by a law and must be proportionate to the interests being achieved. Further, such processing must be done in a fair and reasonable manner.	The government can exempt any of its agencies from any or all provisions of the Act, for processing of personal data in certain cases. These include: (i) in interest of security of state, public order, sovereignty and integrity of India and friendly relations with foreign states, and (ii) for preventing incitement to commission of any cognisable offence relating to the above matters.
Exemptions for manual processing by small entities	Transparency and accountability measures and certain other obligations will not apply to small entities. These are fiduciaries which: (i) have annual turnover below Rs 20 lakh (or such lower amount as prescribed), and (ii) did not process data of more than 100 individuals in any one day in the last year.	The Bill retains the exemption for small entities. However, it does away with the prescribed limits and allows the Authority to classify fiduciaries as small entities based on the annual turnover of fiduciary and the volume of data processed by such fiduciary.
Transfer of personal data outside country	One serving copy of all personal data should be stored in India.	The Bill removes the provision for mandatory storage of all personal data in the country. It provides that sensitive personal data must continue to be stored in India. Such data can be transferred outside India if explicitly consented by the individual, and subject to certain additional conditions.
Composition of Data Protection Authority of India	The chairperson and members of the Authority will be appointed by the central government on the recommendations of a selection committee. The selection committee will be comprised of: (i) Chief Justice of India or a Judge of Supreme Court as the chairperson, (ii) Cabinet Secretary, and (iii) an expert in field of data protection, information technology and related subjects.	The Bill provides that the selection committee will be comprised of: (i) Cabinet Secretary as the chairperson, (ii) Secretary, Department of Legal Affairs, and (iii) Secretary, Ministry of Electronics and Information Technology.
Offences and penalties	Under the Bill, offences such as: (i) obtaining, disclosing, transferring, or selling personal data in contravention of the Act, and (ii) re-identification and processing of de-identified personal data (data from which identifiers have been removed) without consent, are punishable with imprisonment.	Under the Bill, re-identification and processing of de-identified personal without consent is the only offence punishable with imprisonment.
Non-personal and anonymised personal data	No provision of the Bill would apply to non-personal data used by government for formulation of policies for digital economy, growth or security.	The Bill retains the provision and further provides that the government can direct data fiduciaries to provide it any: (i) non-personal data and (ii) anonymised personal data (where it is not possible to identify data principal) for better targeting of services and formulation of evidence-based policy.

Sources: The Draft Personal Data Protection Bill, 2018; The Personal Data Protection Bill, 2019; PRS.

Legislation

Examining the Model Tenancy Act, 2021 and regulation of rental property in India

Shruti Gupta - June 10, 2021

The Union Cabinet approved the Model Tenancy Act, 2021 on June 2, 2021, for adoption by state and union territory governments. The Model Act has three primary objectives. First, it aims to regulate renting of residential and commercial premises by establishing conditions for tenancy, eviction, and management of the property. Second, in regulating tenancy, it proposes mechanisms to balance and protect the rights of landlords and tenants. Last, it proposes a three-tier adjudicatory mechanism consisting of Rent Authorities, Rent Courts, and Rent Tribunals for speedy adjudication of tenancy related disputes.

However, note that rental housing is regulated by states as land, land improvement, and control of rents falls under the State List of the Indian Constitution. This Model Act is only a proposed framework that states and union territories may alter when passing their own tenancy laws.

In this blog, we provide a background on the rental housing market and explain some issues with the 2021 Model Act.

Need for the Act

In India, 95% of households in rural areas live in self-owned housing, and rental housing is a predominantly urban phenomenon. Between 1951 and 2011, the urban population in India grew by six times and as of 2011, comprises 31% of the total population. This is projected to grow to 40% by 2036. However, the share of persons living in urban rental accommodation has decreased from 58% to 27% between 1961 and 2011. The 2015 draft National Urban Rental Housing Policy noted that urban areas face a significant housing shortage and stated that this cannot be addressed by home ownership. In 2012, a Technical Group studying urban housing shortage estimated the urban housing shortage to be at 1.9 crore units. The 2011 Census noted that between 6.5 crore to 10 crore people (17% to 24% of the urban population) live in unauthorised housing in urban areas. The Economic Survey (2017-18) noted that rental housing is a key way to address informality and shortage. It stated that rental housing enables mobility and affordability for low-income segments, who may not be able to purchase housing. It also observed that a significant portion of urban rental housing stock is vacant, attributing it to unclear property laws, poor contract enforcement, and rent control laws.

State governments regulate rental housing through various legislative tools including rent control laws. To prevent landlords from charging exorbitant rent and ensure affordable housing, these laws specify a ceiling on rent and put conditions on eviction of tenants. The 2015 draft Policy noted that rent control laws discourage private investment in rental properties. It observed that rent control laws also skew arrangements towards tenants and lead to more litigation. This has eroded the trust of landlords in the regulatory system. A significant share of the rental demand is addressed through alternate arrangements such as leave and license agreements and informal leases.

A model law to regulate tenancy was first proposed in 1992. The first draft Model Tenancy Act was released in 2015, which was adopted by Tamil Nadu. However, as of 2021, 20 states including Karnataka, Maharashtra, and West Bengal continue to have rent control laws. A few states including Madhya Pradesh, Jharkhand, and Chhattisgarh have repealed their rent control laws.

Besides its key objectives, the Model Act also seeks to ensure affordability, formalisation and increase private investment in the rental housing market. The framework proposed under the Model Act may address some of these concerns. However, experts have recommended supplementing this with other policy initiatives to meet these objectives. For instance, a 2012 Technical Group observed that about 96% of the urban housing shortage pertains to the Economically Weaker Sections (EWS) and Lower Income Group (LIG) categories. The 2015 draft Urban Rental Housing Policy noted that a repeal of rent control laws may increase private investment and availability of rental housing. However, it has recommended several other measures to ensure affordability of rental housing. These include: (i) provision of incentives such as tax exemptions and subsidies to tenants and home owners, (ii) encouraging public-private partnerships and residential rental management companies, and (iii) enhancing access to finance within the EWS and LIG sectors.

Concerns for right to privacy

The Model Act requires all landlord and tenants to intimate the Rent Authority about a rental agreement with a prescribed form. The form requires both the tenant and the landlord to submit their Aadhaar numbers and attach self-attested copies of the card with the form. This may violate a 2018 Supreme Court judgement, which states that requiring Aadhaar card or number can be made mandatory only for expenditure on a subsidy, benefit or service incurred from the Consolidated Fund of India. Registering a tenancy agreement does not entail these, therefore making Aadhaar number mandatory for registering a tenancy may violate the judgement.

The Model Act also states that tenants and landlords will be provided with a unique identification number after registering a rental agreement. Details of the agreement along with other documents will be uploaded on the Rent Authority’s website. It is unclear if personal details of the parties such as PAN and Aadhaar number, which must be submitted along with the agreement, will also be made available publicly. If these are shared on the website, this may violate the right to privacy of the involved parties. The Supreme Court has included the right to privacy as a fundamental right. This right may be infringed only if three conditions are met: (i) there is a law, (ii) the law achieves a public purpose, and (iii) the public purpose is proportionate to the violation of privacy. Sharing personal information of individuals may not serve a public purpose, and hence may violate the right to privacy of such individuals.

Dispute redressal

The preamble of the 2021 Model Act and the background note accompanying the 2020 draft Model Act state that it seeks to establish a speedy adjudication mechanism for disputes linked to tenancy agreements. The Model Act specifies the timelines for resolution of cases linked with eviction and payment of rent. However, timelines have not been specified for certain cases. For instance, no timeline has been specified within which the Rent Authority must resolve a dispute on withholding of essential services or revision of rent.

Specification of minute details

The Model Act seeks to balance the tenant-landlord relationship by specifying rights and duties of both parties. However, it also caps the maximum possible security deposit amount that a tenant must pay to the landlord. Further, a suggestive framework for the rental agreement also includes minute details on responsibility for repair and maintenance. If codified, these specifications may hinder flexibility in framing tenancy agreements.

For a PRS analysis of the Model Tenancy Act 2021, please see here.

Home

MPs & MLAs

Legislatures

Parliament

State

Bills & Acts

Budgets

Policy

LAMP

Careers

The Personal Data Protection Bill, 2019: How it differs from the draft Bill

Examining the Model Tenancy Act, 2021 and regulation of rental property in India

Recent Posts