India@75: A nation in the making

India withdraws a proposed law on data protection

The Indian government on Wednesday unexpectedly withdrew a proposed bill on data protection—the Personal Data Protection Bill, 2019, that a panel of lawmakers had been laboring over for more than two years, saying it was working on a new law

By Sameer Yasir and Karan Deep Singh
Published: Aug 5, 2022

India withdraws a proposed law on data protectionA motorist rides along a road in front of the Google India office building in Hyderabad on January 28, 2022. The Indian government on Wednesday unexpectedly withdrew a proposed bill on data protection that a panel of lawmakers had been laboring over for more than two years, saying it was working on a new law. Image: Noah Seelam / AFP

The Indian government on Wednesday unexpectedly withdrew a proposed bill on data protection that a panel of lawmakers had been laboring over for more than two years, saying it was working on a new law.

The abandoned legislation, Personal Data Protection Bill, 2019, would have required internet companies such as Meta and Google to get specific permission for most uses of a person’s data and would have eased the process of asking for such personal data to be erased. Countries worldwide have been adopting such steps, including in Europe with the General Data Protection Regulation.

But privacy advocates and some lawmakers complained that the bill would have given the government excessively broad powers over personal data, while exempting law enforcement agencies and public entities from the law’s provisions, ostensibly for national security reasons.

Salman Waris, a lawyer at TechLegis in New Delhi who specializes in international technology law, said the bill was “a bad draft from the inception,” because it would have given the government broad powers to store, use and control the large amounts of data it gathered on its citizens, including fingerprints and iris scans.

In a note to the parliamentary panel last year, Manish Tewari, an opposition politician from the Indian National Congress party, said the bill created “two parallel universes — one for the private sector, where it would apply with full rigor, and one for the government, where it is riddled with exemptions.”

Tech companies, too, were wary, concerned the proposed legislation was going to increase their compliance burden and data storage requirements.

Also read: Parliamentary panel's version of Personal Data Protection Bill endangers privacy: Justice Srikrishna

The bill, which included a rule that tech firms store certain sensitive data about users in India only within the country, would have presented new challenges for global tech giants looking to expand their services in India, the world’s second-largest internet market after China, with more than a half-billion Indians online.

In recent years, Prime Minister Narendra Modi and his governing Bharatiya Janata Party have taken a series of steps to rein in tech companies — including by extending the government’s powers of censorship over social media. Such rules allow the authorities to demand that posts or accounts critical of them be hidden from users in India, as with a recent case involving Twitter. WhatsApp has been told it would be required to make some private messages “traceable” to government agencies if the government believed they involved issues of national security.

Check out our Monsoon discounts on subscriptions, upto 50% off the website price, free digital access with print. Use coupon code : MON2022P for print and MON2022D for digital. Click here for details.

©2019 New York Times News Service

Show More
Post Your Comment
Required
Required, will not be published
All comments are moderated