Another bill bites the dust

The Bill had faced heavy criticism from different stakeholders -citizens, tech firms, political parties since its inception
Listen to this story

After dithering for over three years, the Centre on Wednesday finally withdrew the highly controversial Data Protection Bill 2019. The Bill sought to regulate how the government and companies could use the digital data of citizens. It had faced severe backlash from stakeholders – citizens, tech firms, and political parties – since inception and had undergone various changes over the years based on experts’ suggestions.

The Union minister for electronics and information technology (MeiTY) Ashwini Vaishnaw noted that the now-withdrawn Bill had been “deliberated in great detail” by the joint parliamentary committee (JPC). The committee proposed 81 amendments and 12 recommendations to build a “comprehensive legal framework” for the digital space. The Modi government now intends to “present a new Bill”. 

Never-ending delay

Subscribe to our Newsletter

Join our editors every weekday evening as they steer you through the most significant news of the day, introduce you to fresh perspectives, and provide unexpected moments of joy
Your newsletter subscriptions are subject to AIM Privacy Policy and Terms and Conditions.

As per media reports, Vaishnaw said that the new draft would go through the approval process very soon. He was hopeful that the new Bill would get passed in the Budget session of the Parliament. In an exclusive interview with Economic Times, retired Justice B N Sri Krishna (who headed the experts committee that brought out the draft for the Personal Data Protection Bill way back in 2018), commented that the government probably thought it was wiser to withdraw now, “rethink the entire Bill” and come out with a new one with proper provisions. 

The Bill has been doing the rounds for a long time now and prompt action is the need of the hour to put a proper framework for data protection in place. Apar Gupta, executive director, Internet Freedom Foundation, tweeted: “It has been close to 10 years since the AP Shah on Privacy, 5 years since the Puttaswamy judgement and 4 years since the Srikrishna Committee’s report — they all signal urgency for a data protection law and surveillance reforms. Each day lost, causes more injury and harm.”

In the making for half a decade now

It all started with the monumental 2017 Justice Puttaswamy judgment by the Supreme Court that identified privacy as a fundamental right. During the same time, MeiTY constituted an expert committee to study what kind of data protection issues the country was facing and recommend steps and procedures to tackle them. This committee was headed by Supreme Court judge (retired) Justice B N Srikrishna.

The committee submitted the report draft titled ‘A Free and Fair Digital Economy – Protecting Privacy, Empowering Indians’ to IT minister Ravi Shankar Prasad in mid-2018 and proposed the Personal Data Protection Bill-2018.

A template for the developing world

The report highlighted that if India is to shape the global digital landscape in the 21st century, it needs to formulate a legal framework relating to personal data which can work as a “template for the developing world”. 

The committee came up with several recommendations on the methods to be followed to process personal data of citizens by companies (both global and Indian). The stress was on user consent. The report also mentioned the penalties that can be imposed for violation of the rules. 

Image: *Data_Protection_Committee_Report.pdf (meity.gov.in)

In 2019, the Bill was introduced in the Lok Sabha and met with strong criticism. The Parliament formed a JPC to look into the Bill minutely. After a whole two years and many changes later, the JPC report was  tabled during the winter session of the Parliament in late 2021. 

Major Roadblocks

The Bill has received flak for various provisions – a common grievance being that it gave too much power to the government with respect to users’ personal data. Another provision that attracted criticism was Article 35, which could allow the Centre to exempt any government agency from the provisions of the proposed law “in the interest of India’s sovereignty and integrity, the state’s security, friendly relations with foreign states, and public order”.

Image: *Personal_Data_Protection_Bill,2018.pdf (meity.gov.in)

Image:https://www.meity.gov.in/writereaddata/files/Personal_Data_Protection_Bill,2018.pdf

Last year, Congress MPs Jairam Ramesh and Manish Tewari added their dissent notes criticising the exemptions given to the government. TMC MP Derek O Brien, too, had voiced his dissatisfaction.

Image: A Public Brief on the Data Protection Bill, 2021 (internetfreedom.in)

Tech giants were displeased with the Bill

The old Bill had proposed strict regulations on data flows from India to other countries and gave the government the power to seek user data from companies, as a way to maintain its grip over them.

Image:Asia-Internet-Coalition-AIC-Submission-on-Joint-Parliamentary-Committees-Report-on-the-Personal-Data-Protection-Bill_25Jan22-updated.pdf (aicasia.org)

The Bill was not at all well received by tech giants. They were miffed with the provision under the name “data localisation” that asked the companies to maintain a copy of certain sensitive personal data within India. It also prohibited export of critical personal data to another country. Google expressed the said concerns in 2020. It had told the JPC on the Personal Data Protection Bill that India should avoid data localisation requirements.

Sreejani Bhattacharyya
I am a technology journalist at AIM. What gets me excited is deep-diving into new-age technologies and analysing how they impact us for the greater good. Reach me at sreejani.bhattacharyya@analyticsindiamag.com

Download our Mobile App

MachineHack | AI Hackathons, Coding & Learning

Host Hackathons & Recruit Great Data Talent!

AIMResearch Pioneering advanced AI market research

With a decade of experience under our belt, we are transforming how businesses use AI & data-driven insights to succeed.

The Gold Standard for Recognizing Excellence in Data Science and Tech Workplaces

With Best Firm Certification, you can effortlessly delve into the minds of your employees, unveil invaluable perspectives, and gain distinguished acclaim for fostering an exceptional company culture.

AIM Leaders Council

World’s Biggest Community Exclusively For Senior Executives In Data Science And Analytics.

3 Ways to Join our Community

Telegram group

Discover special offers, top stories, upcoming events, and more.

Discord Server

Stay Connected with a larger ecosystem of data science and ML Professionals

Subscribe to our Daily newsletter

Get our daily awesome stories & videos in your inbox
MOST POPULAR