Tuesday, May 30, 2023
Support Our Journalism
HomeIndiaGovernanceAfter 4.5 years of work, Modi govt could start over on data...

After 4.5 years of work, Modi govt could start over on data protection Bill, says media report

ET report says existing draft with parliament panel’s suggestions might be too burdensome for start-ups, & tech firms, so govt thinks fresh Bill for current times is better option.

Text Size:

New Delhi: After nearly five years of work on a data protection Bill, the Narendra Modi government is thinking of scrapping the draft now on the table in Parliament— with all its recommendations from a Joint Parliamentary Committee — and bringing in a fresh piece of legislation.

According to a report in the Economic Times, the government is considering starting from scratch on a new data protection Bill because the current version isn’t seen as adequately addressing the needs of start-ups and established technology companies. 

“Since it’s a JCP [Joint Committee of Parliament] draft Bill, the government can only tweak the clauses to some extent, but the provisions cannot be changed completely… A better option is to bring a new Bill altogether which is aligned with the current times,” an official was quoted as saying in the report published Thursday.

Officials quoted in the report cited a need to maintain momentum in India’s start-up and technology ecosystem, which created 42 unicorns start-ups valued at or over a billion dollars in the last year alone. The structure envisaged by the current Bill would be “very bureaucratic” with compliance requirements that could “cripple” the industry. 

It was in August 2017 that the government appointed retired Supreme Court Justice B.N. Srikrishna as head of a committee to study and recommend a draft data protection bill. The Srikrishna Committee submitted its recommendations in 2018.

However, the IT ministry then tabled the Personal Data Protection Bill, 2019, in Parliament. This had changes that made it substantially different from the Srikrishna Committee’s recommendations, with Justice Srikrishna himself decrying it as “Orwellian”.

Then, in 2020, a Joint Parliamentary Committee with members from both Houses was appointed to study the Bill. It submitted its recommendations in December 2021.

Concerns over non-personal data, social media intermediaries

The recommendations and changes the Joint Parliamentary Committee asked for included bringing both personal and non-personal data under the ambit of the Bill, and requiring government approval for sensitive personal data of Indians that is to be taken out of the country.

It also mandated a strict timeline of 72 hours in which to report data breaches, and required intermediaries such as social media companies to be responsible for content posted by users on their platforms.

The Economic Times report stated that the committee’s recommendations have received “sustained criticism” from stakeholders in India and abroad. This criticism includes concerns over the attempt to govern non-personal data under a Bill originally intended just for personal data, and the possibility that social media platforms will be held responsible for what users post. 

In addition, Meta (formerly Facebook) in its annual filing with the US Securities and Exchange Commission earlier this month, had shared concerns about regulatory hurdles around data storage and transfer in India. Google’s parent company, Alphabet Inc., had expressed similar worries without naming any country. 

Soon after the Joint Parliamentary Committee’s recommendations were published, the Internet And Mobile Association of India, an industry body, stated its concerns in a 17 December statement that was emailed to ThePrint.

“Prima facie, it seems the draft that was put out in 2019 after the widest possible consultations has changed fundamentally, including the title of the Bill from Personal Data Protection Bill to Data Protection Bill,” the statement said.

“Certain other deviations, such as the recommendations that social media intermediaries could become publishers in certain circumstances, and a few aspects of data localisation norms, change the original structure of the Bill substantially,” it added.

Earlier, in 2019, a Facebook India policy executive had said that separate regulators would be needed to oversee non-personal and personal data, and that it is not “appropriate” to mandate requirements for non-personal data under the Data Protection Bill, since it applied only to personal data.

(Edited by Rohan Manoj)

Also read: Social media companies would be liable for harm to kids under new proposal in US Senate


Subscribe to our channels on YouTube & Telegram

Support Our Journalism

India needs fair, non-hyphenated and questioning journalism, packed with on-ground reporting. ThePrint – with exceptional reporters, columnists and editors – is doing just that.

Sustaining this needs support from wonderful readers like you.

Whether you live in India or overseas, you can take a paid subscription by clicking here.

Support Our Journalism

Most Popular