wordpress blog stats
Connect with us

Hi, what are you looking for?

Data Protection Bill 2021: MP Amar Patnaik bats for data regulators at state level

In his dissent note, Patnaik explores how data regulators could be set up in line with India’s principle of federalism.

Source: Rajya Sabha TV

The Union government must set up data protection authorities at the state and national level, and provide adjudicatory powers to these authorities, Rajya Sabha MP Dr. Amar Patnaik has suggested in his dissent note carried in the Joint Parliamentary Committee (JPC) report on the Data Protection Bill, 2021.

“A state-level data protection authority would be ideally positioned and suited to handle events relating to consent and data breaches occurring in the geographical area,” Dr. Patnaik said.

The JPC report along with the Data Protection Bill, 2021 was tabled in both houses of the Parliament on December 16, after two years of deliberations. The dissent notes from committee members give a view of what the current draft of the bill fails to take into account.

Here’s our complete guide to the Data Protection Bill, 2021

Constitute Data Protection Authority at the state level

Patnaik recommended a two-tier structure for data protection authorities at the national and the state level as a constitutional and administrative imperative. He cited Indian laws like the Right to Information Act and Consumer Protection Act as precedents, and suggested drawing elements from the German and European frameworks.

  • Reason for recommendation: The dissent note reasoned that the bill in its current form puts a strain on federalism and will create problems in implementation.

“Nothing was done to change the design and architecture of the Bill until its final adoption on 22.11.2021 even though I had made repeated observations regarding setting up of state-level Data Protection Authorities from a point of view of constitutional, legal, administrative and jurisdictional balance between the Centre and the State in the true spirit of federalism,” Dr. Patnaik said.

Establish Constitutional Data Protection Commission

Dr. Patnaik recommended an overarching, independent data protection authority to regulate the Union government and its departments, one of the largest data fiduciaries.

Advertisement. Scroll to continue reading.
  • Reason for recommendation: “A data protection authority controlled by the central government will exercise control over state government functions under List II of the Seventh Schedule of the Constitution of India, 1950, such as health, education, public order etc. This will raise issues of conflict in the principle of federalism,” Dr. Patnaik explained. He further wrote that the separation will ensure structural, fiscal, and functional autonomy and protect the commission from adverse changes to tenure, composition, salary, and appointment methods.

Here are some of the features which must be borne by the authority, according to Dr. Patnaik:

  • “The administrative expenses of the Commission must be charged on the Consolidated Fund of India and must be free from government control and interference,” Dr. Patnaik said.
  • “Tenure and method of removal must be introduced into the Constitution,” he added.
  • “The Commission can coordinate between the state data protection authorities, along the lines of the European Data Protection Board coordinating with the national data protection authorities under the GDPR,” Dr. Patnaik said. (emphasis added)

Empower DPAs to perform quasi-judicial adjudicatory functions

Dr. Patnaik’s dissent note offered the following suggestions for the government to keep in mind:

  • An adjudicatory role will save cost for adjudication and allow state authorities to frame their own rules.
  • Benches for adjudication at the district level to improve accessibility.
  • “The number of adjudicating officers, the manner and term of their appointment and the jurisdiction of such officers must be decided by the authority and not the central government to avoid issues of independence, conflict of interest and bias,” Dr. Patnaik said.

Staff data protection authorities independently

The Chairperson and the Members of the Data Protection Authority will be appointed by the Central Government on the recommendation made by a Selection Committee, according to Section 42 of the Bill.

  • Recommendation: Dr. Patnaik called for the authority to be led by a sitting or retired Judge of the Supreme Court because the DPA will have overriding supervision in regards to privacy of data principals and overall data fiduciaries including constitutional authorities like GAG, CEC Lokpal, UPSC, etc.
  • Reason for recommendation: “The Cabinet Secretary represents the Executive which itself is the biggest data fiduciary in the system and against whom most complaints are likely to arise under Articles-32 & 226 of the Indian Constitution as it currently happens in respect of other fundamental rights,” read the note. The selection committee should comprise two experts from the market, one from law and another from IT & social media, etc.

Retain penalties as a deterrent against data fiduciaries

The JPC report has recommended that data fiduciaries be liable to pay fine ‘as may be prescribed’ up to a maximum penalty, upon violation of the Data Protection Act.

  • Recommendation: “The suggestion for removal of penalties from codification under Section 57 of the Data Protection Bill, 2021, to something to be prescribed by the government is not acceptable because these were proposed at the time of initial introduction of the bill by the state,” Dr. Patnaik wrote in the dissent note.
  • Reason for recommendation: “The purpose behind these penalties is to keep the privacy of the citizens as the primary overarching objective of operation on the internet by any data fiduciary, or data processor including the government and promote the digital economy of the country at a parallel level but the latter cannot supplant the former as the primary objective of this Bill,” Dr. Patnaik said categorically.

Limit government exemptions

The Union Government has the power to exempt any government agency from all or any of the provisions of the Data Protection Act for various reasons, as stipulated in Section 35.

Recommendation: Dr. Patnaik said that the scope and applicability of Section 35 should be defined in line with principles laid down by the Supreme Court in the Puttaswamy case. He also asked for a prescribed mechanism by law to review each decision (under section 35) either by a parliamentary body or a judicial institutional arrangement.

Design the bill in accordance with Right to Privacy

Recommendation: “The design of the Bill should adhere to the judgement set out by the SC that privacy is a fundamental right which is guaranteed by the Constitution now, and not by any government. So, citizens’ privacy would be safeguarded by the Constitution when breached even by central or state governments,” read the note by Dr. Patnaik.

Reason for recommendation: “The government cannot appear to be taking a pre-eminent position in safeguarding citizens’ informational privacy as per their whims and interpretation of an event/ occurrence, which is getting conveyed at several places/sections/wordings in the Bill,” Dr. Patnaik said.

Update, December 18, 7:15 pm: The report has been updated following editorial inputs.

Get our white paper on the Data Protection Bill 2021 in your inbox

We may also reach out occasionally with our coverage of the Data Protection Bill and more.
By filling out this form, you agree to receive a copy of MediaNama's white paper and further information about MediaNama's work and services.

Subscribe to MediaNama to get access to our ongoing coverage of the bill. Here is everything we have planned around the report:

Advertisement. Scroll to continue reading.
Written By

I cover several beats such as crypto, telecom, and OTT at MediaNama. I will be loitering at my local theatre and consuming movies by the dozen when I am off work.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ