The Indian government is withdrawing its long-awaited Personal Data Protection Bill that drew scrutiny from several privacy advocates and tech giants who feared the legislation could restrict how they managed sensitive information while giving the government broad powers to access it.
The move comes as a surprise as lawmakers had indicated recently that the bill, unveiled in 2019, could see the “light of the day” soon. New Delhi received dozens of amendments and recommendations from a Joint Committee of Parliament that “identified many issues that were relevant but beyond the scope of a modern digital privacy law,” said India’s Junior IT Minister Rajeev Chandrasekhar.
The government will now work on a “comprehensive legal framework” and present a new bill, he added.
The Personal Data Protection Bill sought to empower Indian citizens with rights relating to their data. India, the world’s second largest internet market, has seen an explosion of personal data in the past decade as hundreds of citizens came online for the first time and started consuming scores of apps. But there has been uncertainty on how much power the individuals, private companies and government agencies have over it.
“The Personal Data Protection Bill, 2019 was deliberated in great detail by the Joint Committee of Parliament, 81 amendments were proposed and 12 recommendations were made towards comprehensive legal framework on digital ecosystem. Considering the report of the JCP, a comprehensive legal framework is being worked upon. Hence, in the circumstances, it is proposed to withdraw. The Personal Data Protection Bill, 2019′ and present a new bill that fits into the comprehensive legal framework,” India’s IT Minister Ashwini Vaishnaw said in a written statement Wednesday.
The bill drew criticism from many industry stakeholders. New Delhi-based privacy advocacy group Internet Freedom Foundation said the bill “provides large exemptions to government departments, prioritizes the interests of big corporations, and does not adequately respect your fundamental right to privacy.”
Meta, Google and Amazon were some of the companies that had expressed concerns about some of the recommendations by the joint parliamentary committee on the proposed bill.
The bill also mandated that companies may only store certain categories of “sensitive” and “critical” data including financial, health and biometric information in India.
“I hope that the bill isn’t junked altogether, given all the work that went into it. Junking the bill altogether will create a limbo of sorts from a privacy protection standpoint. Nobody wants that,” said Nikhil Pahwa, the editor of MediaNama, which covers politics and media, in a series of posts on Twitter.
“The new bill should be put up for public consultation. Government should realize that civil society and wider industry participation helps improve laws and rules. The JPC did not involve many key civil society stakeholders. Govt has already made a mess with IT Rules 2021 and CERT-in directions. It needs to be reasonable with regulations otherwise this will hurt India’s digital future.”