New Delhi: After nearly three years of deliberations, the Narendra Modi government has withdrawn the controversial Personal Data Protection Bill 2019, which aims to regulate how companies and governments can access citizens’ digital data.
Union Minister of Electronics and Information Technology (MeitY) Ashwini Vaishnav on Wednesday withdrew the Bill in Parliament. In a statement, he said the bill had been “considered in great detail” by the Joint Parliamentary Committee (JPC), which proposed 81 amendments as well as 12 recommendations for a comprehensive legal framework for the digital ecosystem .
“Considering the JCP report, a comprehensive legal framework is being worked out. Therefore, under the circumstances, it is proposed to withdraw the Personal Data Protection Bill, 2019 and introduce a new Bill which fits into the broader legal framework,” the statement read.
The main idea behind the bill was to protect the privacy of citizens by properly defining personal data, establishing a Data Protection Authority (DPA) and creating a policy framework for data usage, including by large tech companies such as Meta and Google.
However, the bill came under criticism from opposition parties as well as some civil society groups, who alleged that while private companies sought to introduce more controls for data use, it provided did. Discount Government and its agencies.
With the withdrawal of the Bill, the government has maintained that the inclusion of various amendments and recommendations would not be conducive to the start-up ecosystem in India, and thus a further framework would be required.
However, some opposition leaders have criticized the move. Taking to Twitter, Congress leader Manish Tewari claimed that it marks the victory of big tech, which “never wanted this law”.
The most unfortunate is the Personal Data Protection Bill 2019 being withdrawn by the government, as amended by the Joint Committee of Parliament. Lawmakers worked to make it better during the height of wave 1 and 2 of COVID-19 for two full years. Big Tech never wanted this law. Big Tech won. India lost pic.twitter.com/fagKXXY3Hf
— Manish Tewari (@ManishTewari) 3 August 2022
In another tweet“I still believe that if this was debated in the House, a better law could have been made,” he said.
Meanwhile, the MeitY minister’s statement emphasized that the government is now embarking on a “vision for a comprehensive framework of rules and laws to catalyze a trillion dollar economy and India’s technology”. [tech+decade],
Read also: Seeing JPC Personal Data Protection Bill as National Prosperity is a Strange Choice
What was the bill after all?
The Personal Data Protection Bill was first introduced in Parliament on 11 December 2019, with the Supreme Court recognizing the “right to privacy” as a fundamental right under the Constitution.
The court had then asked the government to come up with a policy framework, which can be followed by all concerned stakeholders, including big tech companies.
The idea of the bill was to ensure that a framework or rules were followed for handling personal data by institutions and big tech companies. Personal data, in the bill, was divided into three categories: sensitive personal data (such as health, sexual orientation, finances), critical personal data (left to be defined by the government), and basic personal data.
Companies had to inform consumers about how they were using the data and get their consent. The bill gave consumers the right to withdraw consent whenever they wished and companies were obliged and provided a mechanism to enable it.
In addition, the law proposed stricter rules on the flow of data outside India’s borders, including giving the government the right to obtain information about users from companies.
There were also rules on how certain “critical” data could not be used by organizations that did not have roots in India. However, it was opposed by big tech companies as it required them to change the way Indian users stored and processed data.
The bill was referred to a joint parliamentary committee for further deliberation on its provisions, one of them setting up a central agency called the Data Protection Authority to oversee the implementation of these rules. The JPC submitted its report to the Lok Sabha in December 2021.
(Edited by Aswari Singh)