The government on Wednesday withdrew the Personal Data Protection Bill, a controversial data protection and privacy bill which was first proposed in 2019 and had alarmed big technology companies such as Facebook and Google, announcing it was working on a new comprehensive law. The 2019 bill had proposed stringent regulations on cross-border data flows and proposed giving the government powers to seek user data from companies, seen as part of Prime Minister Narendra Modi’s stricter regulation of tech giants.
A government notice said the decision came as a parliamentary panel’s review of the 2019 bill suggested many amendments, leading to the need for a new “comprehensive legal framework”. The government will now “present a new bill,” the notice added.
Minister of State for IT minister Rajeev Chandrasekhar said on Twitter the new planned framework will adhere to global standards, adding that privacy was a fundamental right of Indian citizens, and that the economy required such cyber laws.
The 2019 privacy bill was designed to protect citizens and establish a so-called data protection authority, but it had raised concerns among Big Tech giants that it could increase their compliance burden and data storage requirements.
“It is good that there will be a redraft from scratch,” said Prasanto Roy, a New Delhi-based consultant who closely tracks India’s technology policy.
“However, India still has no privacy law in sight. That’s leaving data regulation open to a wide variety of sectoral regulations, something a common privacy law could have harmonised.”
Concern over data misuse
The government says such regulations are needed to safeguard the data and privacy of citizens. Lawmakers have said that concerns about misuse of sensitive personal data have risen exponentially in India.
Companies including Facebook, Twitter and Google have for years been concerned with many other separate regulations the government has proposed for the technology sector, often straining relations between New Delhi and Washington.
After the privacy law plan of 2019, the government also floated new proposals to regulate “non-personal data”, a term for data viewed as a critical resource by companies that analyse it to build their businesses. The parliamentary panel had said such non-personal data should be included in the purview of the privacy bill.
The bill also exempted government agencies from the law “in the interest of sovereignty of India”, a provision privacy advocates at the time said would allow agencies to abuse access.
“There were multiple, large concerns earlier. One has to wait and watch whether the new bill is any better,” said Apar Gupta, the executive director at advocacy Internet Freedom Foundation.
© Thomson Reuters 2022