APPOINTMENTS OF THE DATA CONTROL BOARD WOULD BE CONTROLLED BY THE CENTRE GOVERNMENT.

An adjudicatory body that will deal with privacy related grievances and disputes between two parties is learnt to have been retained in the data protection Bill and the control of the central government in appointing members of the data protection Board has been given and the Chief executive of the Board will be appointed by the Central Government which will also determine the terms and conditions of their service.Despite protecting to set up the data protection Board,the Bill will also allow the government to direct any entity to furnish information "as it may call for" and allowing the center greater control over the law and while laying down consent norms for entities collecting personal data of individuals,also allow for a leeway for certain "legitimate uses" both by the government itself and private entities.As per the final version,the center can process the data of the citizens without expressly seeking their consent for National security reasons and to offer other services such as, subsidies , benefits, certificates licence or permits.Private companies have been afforded the privilege to deal with employment related matters, including corporate espionage.The Bill gives powers to the Central Government to prescribe a lower age of consent then 18 years for accessing internet services without parental consent if the plateform they are using can process their data in a verifiable safe manner.This would essentially a white listing approach meant for companies in the edtech sector, and for medical purposes, among other things .The centre has proposed to significantly ease cross border data flows to international jurisdictions,by moving away from a whitelisting approach to a blacklisting mechanism.Earlier the government had said that it would issue a list of countries where data flow would be allowed .However the final change means that data flows are allowed by default to all regions unless prohibited by the government,a move that is being seen as a measure to ensure business continuity .The government could notify entities as "significant data fiduciary" after considering factors such as the volume of personal data they possess ,the risks they could pose to electoral democracy, and their impact on National security and public order among other things.Social media platforms like Facebook,You tube and the WhatsApp are likely to be clubbed under this category these entities are required to appoint a data protection officer for grievances redressal and carry out periodic data protection impact assessments.