[Vidhispeaks] JPC’s Proposed Regulation of Social Media Intermediaries Under the PDP Bill, 2019 – A Fail and a Fail
Criteria for designation of PMI as homeless
Section 26(1) of the PDP Bill 2019 provides a list of criteria based on which the Data Protection Authority (DPA) could notify a Data Trustee or class of Data Trustees as SDF . As indicated above, these criteria included the volume and sensitivity of the personal data processed, the risk of harm resulting from such processing and the technology used for it.
Section 26(4) provided that, notwithstanding anything in Section 26, the central government could notify, in consultation with the DPA, an SMI as a material data trustee. The factors to consider for this were, firstly, whether the number of users was above the threshold notified by the central government and secondly, that the actions of the SMI “have or are likely to have a significant impact on electoral democracy , state security, public order or the sovereignty and integrity of India”.
The Data Protection Bill, 2021 omits Section 26(4) and adds it as Section 26(1)(f). This effectively provides that the DPA must be based on “any (emphasis added) of the following factors, notify any data trustee or class of data trustee as material data trustee, namely…any social media platform” as well as the two criteria for SMIs.