Personal Data Protection Bill Withdrawn by Central Government – India
In a surprising and significant move, on August 3, 2022, the central government withdrew the much-vaunted Personal Data Protection Bill from the Lok Sabha, with assurances that new legislation with data protection provisions will soon be introduced.
The Minister of Railways, Communications and Electronics and Information Technology, Shri Ashwini Vaishnaw, pointed out in this context that “The Personal Data Protection Bill was withdrawn because the JCP recommended 81 amendments to a 99-article bill. Beyond that, he made 12 major recommendations. Therefore, the bill was withdrawn and a new bill will be introduced.
Since its inception, the Data Protection Bill has been the subject of cacophonous debates and its provisions have elicited a myriad of views from various stakeholders, including tech giants like Meta Platforms, Google, Apple.
Reportedly, the tech giants earlier this year recommended in a letter sent to the minister, among other things, the inclusion of non-personal data and the renaming of the bill as the Privacy Bill. data protection instead of personal data protection bill, restrictions on cross-border data transfers, data localization obligations, and mandatory hardware/IOT and AI software certifications. The tech giants had also suggested inviting further consultations with stakeholders before introducing the disputed bill.
Personal Data Protection Bill 2019
The Personal Data Protection Bill 2019 was presented to the Lok Sabha in December 2019 and was prepared and modeled by a group of experts led by former Supreme Court Justice Hon. Justice BN Srikrishna . The bill categorized the data into critical, sensitive and general and also called for the establishment of a data protection authority. The Data Transfer Outside India Bill stipulated that sensitive personal data may be transferred outside India for processing if the individual explicitly consents and subject to certain additional conditions. However, such sensitive personal data must continue to be stored in India. It further provided that certain personal data notified as critical personal data by the government could only be processed in India.
With over 749 million internet users across the country, India is in a precarious phase with no data protection law in place and dashing any glimmer of hope for the PDP to come into effect. The need of the hour is for new legislation to be implemented as soon as possible, in order to prevent the misuse of data and to restore confidence in the Indian legal system.