The Government of India on Wednesday withdrew the long-awaited Personal Data Protection (PDP) Bill, 2019 to replace it with a new bill that fits into a ‘comprehensive framework’ and is in line with ‘contemporary digital privacy laws’.
— Bar & Bench (@barandbench) August 3, 2022
The PDP bill was first introduced in Lok Sabha on December 11, 2019. The bill was referred to Joint Parliamentary Committee, which tabled its report in Lok Sabha on December 16, 2021. The committee suggested coming up with a singular law that includes both personal and non-personal datasets. It also called out for the complete localisation of data.
The parliamentary panel, which included members of the ruling party, “identified many issues that were relevant but beyond the scope of a modern digital privacy law,” said India’s Junior IT Minister Rajeev Chandrasekhar.
Credits: News 18
The withdrawn Bill had proposed restrictions on the use of personal data without the explicit consent of citizens. It had also sought to provide the government with powers to give exemptions to its probe agencies from the provisions of the act, a move that was strongly opposed by the opposition.
The bill had drawn scrutiny from several privacy advocates and tech giants who feared the legislation could restrict how they managed sensitive information while giving the government broad powers to access it.
Meta, Google, and Amazon were some of the companies that had expressed concerns about some of the recommendations by the joint parliamentary committee on the proposed bill.
New Delhi-based privacy advocacy group Internet Freedom Foundation said the bill “provides large exemptions to government departments, prioritises the interests of big corporations, and does not adequately respect your fundamental right to privacy.”
A statement explaining the reasons for the withdrawal was circulated to the members of Lok Sabha. Reportedly the statement included that the government was working on a comprehensive legal framework considering 81 amendments and 12 recommendations proposed by the JPC.
The withdrawn data protection Bill had also proposed some positive amendments. It had also proposed to specify the flow and use of personal data and protect the rights of individuals whose personal data are processed. It also specified the framework for the cross-border transfer, accountability of entities processing data, and mooted remedies for unauthorized and harmful processing.
Minister of State for IT Rajeev Chandrashekhar tweeted that this will soon be replaced by laws adhering to a comprehensive framework of global standards. The new legislation would include digital privacy laws for contemporary and future challenges and catalyse Prime Minister Narendra Modi’s vision of India Techade(digital decade for India).
He added that privacy is a fundamental right of Indian citizens and having a trillion-dollar Digital Economy requires global standard cyber laws.
References: Tech Crunch, Business Standard
Featured Image Source: The Economic Times