Why Modi govt withdrew the Personal Data Protection Bill

The Personal Data Protection Bill 2019 was withdrawn Wednesday after parliamentary panel recommended 81 changes. Govt is now working on a new ‘comprehensive legal framework’.

0
667
Cybersecurity | Representational image | Commons
Representational image | Commons

New Delhi: After nearly three years of deliberations, the Narendra Modi government has withdrawn the contentious Personal Data Protection Bill 2019, which aimed to regulate how companies and the government could use the digital data of citizens.

Union Minister for Electronics and Information Technology (MeitY) Ashwini Vaishnaw withdrew the bill in Parliament Wednesday. In a statement, he noted that the bill had been “deliberated in great detail” by the joint parliamentary committee (JPC), which had proposed 81 amendments as well as 12 recommendations for a comprehensive legal framework for the digital ecosystem.

“Considering the report of the JCP, a comprehensive legal framework is being worked upon. Hence, in the circumstances, it is proposed to withdraw the Personal Data Protection Bill, 2019, and present a new bill that fits into the comprehensive legal framework,” the statement read.

The main idea behind the bill was to safeguard citizens’ privacy by properly defining personal data, establishing a Data Protection Authority (DPA), and chalking out a policy framework for data use, including by big tech companies like Meta and Google.

However, the bill came under fire from Opposition parties as well as some civil society groups who alleged that while it sought to introduce more controls for data use by private companies, it granted too many exemptions to the government and its agencies.

With the withdrawal of the bill, the government has maintained that incorporating the various amendments and recommendations would not have been conducive to the start-up ecosystem in India, and thus another framework would need to be devised.

Some opposition leaders, however, have criticised the move. Taking to Twitter, Congress leader Manish Tewari claimed that it signified a win for big tech, which “never wanted this law”.

In another tweet, he said, “I still believe that had it been debated on floor of the House better legislation could have emerged.”

The MeitY Minister’s statement, meanwhile, emphasised that the government is now embarking “on an approach of a comprehensive framework of rules and laws to catalyse trillion dollar economy and India’s techade [tech+decade]”.


Also read: JPC looking at personal data protection bill as national prosperity issue an odd choice


What was the bill all about?

The Personal Data Protection Bill was first introduced in Parliament on 11 December 2019, in the wake of the Supreme Court deeming the “right to privacy” as a fundamental right under the Constitution.

The court had then asked the government to come up with a policy framework that could be duly followed by all the relevant stakeholders, including big tech companies.

The idea of this bill was to ensure that there is a framework or rules to abide by when it comes to handling of personal data by institutions and big tech companies. Personal data, in the bill, was divided into three categories: sensitive personal data (like health, sexual orientation, finances), critical personal data (left to be defined by the government), and basic personal data.

Companies were supposed to inform consumers about how are they utilising data and take consent from them. The bill gave the consumers the right to withdraw consent whenever they wanted and companies had to oblige and provide a mechanism to enable this.

Further, the law proposed strict regulations on the flow of data outside of India’s borders, including giving the government powers to seek information about users from companies.

There were also regulations on how certain “critical” data could not be utilised by organisations whose roots were not in India. However, this was opposed by big tech companies since it required them to change how they store and process the data of Indian users.

The bill was sent to a joint parliamentary committee for further deliberation on its provisions, one of them being, forming a central agency called the Data Protection Authority to monitor the implementation of these rules. The JPC submitted its report to the Lok Sabha in December 2021.

(Edited by Asavari Singh)


Also read: Panel for appeals & deadline to remove content — govt proposes tweaks to close ‘gaps’ in IT rules