After being in CCI’s crosshairs, Google in Data Protection Bill’s shadow
New Delhi, Sep 30 (IANS) Facing anti-competition lawsuits and complaints globally, Google in recent years has seen a fiercely-fought battle with the Indian regulators, especially with the Competition Commission of India.
Will the new Digital Personal Data Protection Bill (DPDP), the nation’s first-ever legislation aimed at safeguarding users’ personal data from Big Tech, make its life tougher?
In the first case of a Big Tech giant paying a heavy penalty to the Indian regulators, Google in August paid the entire penalty amount of Rs 1,337.76 crore imposed by the Competition Commission of India (CCI) in the Android case. The penalty amount was deposited in the Consolidated Fund of India, within the 30-day deadline given by the National Company Law Appellate Tribunal (NCLAT) in its order.
The Indian market regulator had imposed the penalty on Google in October 2022 for allegedly exploiting its dominant position in the Android market.
The CCI has also imposed a penalty of Rs 936.44 crore on Google in a separate case for abusing its dominant position with respect to its Play Store policies.
Earlier this week, the NCLAT sought responses from Google and the CCI in a plea by Google challenging the penalty of Rs 936.44 crore.
The CCI had penalised Google for alleged abuse of its dominant position in the app store market ecosystem. The NCLAT has now deferred the hearing to November 28.
Earlier this year, in January, the NCLAT had already denied interim relief to Google in this case and rejected its challenge against the penalty. Subsequently, Google took the matter to the Supreme Court but withdrew the appeal in April, opting to continue the case in the NCLAT.
The CCI also directed Google not to engage in anti-competitive activities and mandated the inclusion of third-party billing and payment processing services for in-app purchases.
Dr Ritesh Malik, Director, Alliance for Digital India Foundation (ADIF), said that Big Tech firms started taking the fines/penalties as ‘cost of doing business’ and preferred to pay the same rather than making the ecosystem more fair and non-discriminative.
“It is important to note that Google has made the payment after spending all possible avenues, including reaching out to the Supreme Court and the NCLAT. The paramount concern is whether Google is complying with the CCI rulings in letter and spirit,” Malik said.
With the DPDP Bill, 2023, becoming a reality, experts say that forthcoming rules under the new law will empower Indian users about how Big Tech companies like Google, Meta or X can or cannot use their data.
“The Act aims to concretise the efforts that Big Tech, and data fiduciaries in general, must now undertake towards respecting the users’ privacy rights and control over their personal data. This will now entail transparently informing the users about the specific purposes of data processing, while also obtaining clear and precise user consent that may be later withdrawn,” according to Harsh Walia, Partner at Khaitan & Co.
The users may also request erasure of their data. Moreover, the principle of data minimisation will require collection of only that personal data which is necessary for the specified purpose.
According to experts, the success of the data protection law will be determined by when and how new rules are made and how effectively they are implemented.
“It is also necessary to understand what will be the status of the old IT rules till the new rules are made. Also, we need to see how effective will be the practical mechanism for redressal of common people’s grievances as per India’s new law on foreign tech companies,” Virag Gupta, Supreme Court lawyer and cyber law expert, told IANS.
With the ban on illegal data business, according to the new law, if tax is collected from the data business, then both, society and the economy will be strengthened, Gupta stressed.
The Bill has provisions for hefty penalties ranging from a minimum fine of Rs 50 crore to a maximum of Rs 250 crore on big internet companies’ platforms for violating rules to enable digital markets to grow more responsibly while safeguarding citizens’ data.
The DPDP Bill is certainly a legislation that will create a deep lasting behavioural change and create high penalty punitive consequences for any or all platforms that misuse or exploit the personal data of any Indian citizen, according to Minister of State for Electronics and IT, Rajeev Chandrasekhar.
“For many years, it has been known that many platforms, companies or data fiduciaries have been collecting personal data of individual citizens, not just in India but all around the world and have been exploiting that personal data for their own business models, algorithms, and many other ways,” he said in a video message recently.
This has been done without the awareness or the agreement of the person whose personal data it was.
“This is certainly legislation that will create a deep lasting behavioural change and create punitive consequences, high-penalty punitive consequences for any or all platforms that misuse or exploit the personal data of any Indian citizen,” the minister had stressed.