A New Opportunity: The Hindu Editorial on Rollback of Personal Data Protection Bill

reason stated Withdrawal of Personal Data Protection Bill, 2019 by the government, was that it would come with a “comprehensive legal framework” on data privacy and Internet regulation. The government has said that a new draft will be in line with the principles of secrecy, in line with the guidelines of the Supreme Court based on the landmark judgment on secrecy, i.e., Justice KS Puttaswamy v Union of India, and will consider the recommendations of the Joint Committee of Parliament on the Framework for Regulating the Digital Ecosystem. The 2019 bill was rightly criticized by stakeholders including Justice BN Srikrishna – he chaired a committee of experts who wrote a draft bill in 2018 – for over-emphasizing the national security angle among other reasons. The 2019 bill has departed from the Srikrishna committee’s draft in selecting the chairperson and members of the Data Protection Authority (DPA), which would protect the interests of data principals, and gave the central government an exemption from applications to its agencies. Is. of the act. The 2018 draft bill allowed judicial oversight in the selection process for DPAs, while the 2019 bill limited the structure to the executive. The 2018 bill also allowed state institutions to obtain informed consent from data principals or to exempt them from processing data only in the case of matters relating to the “security of the state”; It also called for a law to provide for “parliamentary oversight and judicial approval for non-consensual access to personal data”. In contrast, the 2019 bill added “public order” as a reason to exempt a government agency from the Act, except that only these reasons be recorded in writing.

By opting to withdraw the bill, it is unclear whether the government will address the demand for restructuring the law with a 2018 draft bill after extensive consultations with civil society. Or would it be in line with the JPC report, which has been criticized by civil society for upholding provisions that allow the government to access private data of citizens without adequate safeguards. The dissenting note on the JPC report by Congress MP Jairam Ramesh, for example, went on to criticize the exemption granted to the government on the exemptions and how the grounds of “public order” and the abuse of “security of the state” were not accountable. It is not clear whether the bill’s withdrawal is linked to opposition from multinational Internet companies to mandatory “data localization”. Meanwhile, the country’s lack of a proper data protection law is an anomaly in comparison to major countries. If the government is indeed committed to a comprehensive legal framework on data privacy and security, it should go back to the baseline provided in the Justice Srikrishna Committee recommendations and enact a law within a reasonable time frame.