Mumbai: The Central Government of India withdrew the much-awaited Personal Data Protection Bill 2019 in the lower house of the Parliament on Wednesday.
The withdrawal comes after it was first introduced in Parliament in 2019. Since then a Joint Parliamentary Committee (JPC) had worked for the past two years, scrutinizing its draft and proposing 81 amendments.
Withdrawal of Personal Data Protection Bill 2019
However, Union Minister for Electronics and IT (MeitY) Ashwini Vaishnaw moved a motion in the Lok Sabha, which is the lower house of the Parliament to withdraw the Bill on Wednesday.
Addressing the Parliament, Union Minister Vaishnaw said the Central Government will present a “comprehensive legal frame” later replacing the withdrawn bill keeping in view the amendments.
“It will soon be replaced by a comprehensive framework of global standard laws including digital privacy laws for contemporary and future challenges…,” said Vaishnaw.
While, defending the Central Government of India’s move to withdraw the Personal Data Protection Bill, 2019, IT Minister of State Rajeev Chandrasekhar said the parliamentary panel report on the bill had identified many issues that were relevant but beyond the scope of modern digital privacy law.
“Privacy is a fundamental right of Indian citizens and a trillion-dollar digital economy requires global-standard cyber laws,” said Chandrasekhar.
Even before the Indian Government initiated the process to come up with its own privacy and cyber laws there are already such laws in place in other parts of the world.
For example, there were the Privacy Shield and Safe Harbour laws in the European Union (EU) in the 90s and early 2000s. These old laws were replaced with a more comprehensive and stringent regulation called the GDPR – first introduced in 2016.
In the next two years, the EU enforced the General Data Protection Regulation (GDPR) as a stringent data privacy law with heavy penalties against those companies that fail to adhere to it. GDPR safeguards the personal data and privacy of EU citizens.
As a reference, India’s Central Government could have studied the EU’s GDPR and tried to replicate and modify it in accordance with other Indian laws. Firstly, this would have saved a lot of time in drafting the data privacy bill and India would have enacted the Personal Data Protection law a few years earlier.
BJP-led Central Government under scrutiny
The withdrawal decision of a very significant Personal Data Protection Bill,2019 has put the BJP-led Central Government under scrutiny, raising more doubts about its intentions on crucial issues such as personal data protection, privacy and safety of Indians.
One of the top opposition leaders from the Indian National Congress (INC) party Manish Tewari called the decision to withdraw the bill “most unfortunate.”
“Most unfortunate Personal Data Protection Bill 2019 as amended by Joint Committee of Parliament is being withdrawn by Govt. For full two years during the height of waves 1 & 2 of COVID-19 MP’s across parties worked to better it. Big Tech never wanted this Law. Big Tech won. India lost,” tweeted Manish Tewari.
However, Sandip Kumar Panda, Co-Founder of Instasafe Technologies has a different view on the withdrawal of the bill emphasizing “clarity in the data protection law.”
“Currently, we have a lot of tech companies operating globally and serving Indian users. It is necessary to have clarity in the data protection law on what sensitive data organisations can share with the government and what user data to be retained as confidential as part of data privacy,” said Panda.
“Data privacy shouldn’t be compromised for data protection. It is essential to have the right bill that supports the tech ecosystem rather than pushing law in a short time span that creates more confusion,” added Panda.
Certainly, the decision to withdraw a crucial bill after putting five years of work is a regressive move because instead of considering those 81 amendments in the Bill, the BJP-led Modi Government choose to pull back.
It was in 2017 that the Supreme Court of India recognised the right to privacy as a fundamental right of citizens under the Consitution of India. This led the Central Government to draft the Personal Data Protection Bill over the next two years and introduce it in Parliament in 2019.
Given Bill’s nature, the Central Government had sent the Bill to the JPC to oversee the draft and propose its recommendations. Following this, the JPC during the last two years worked on the draft and proposed 81 amendments.
Contentious in nature
Interestingly, the existing Bill was contentious in nature due to some of its recommendations. For instance, under the Bill, the Central Government agencies had powers to freely obtain data, and non-personal data was put under data law on individual privacy.
Besides, tech giants including Meta, Google and Amazon had objected to Bill’s mandate for local data storage and sensitive information processing within India. The Bill had proposed strict legal actions including criminal proceedings against the heads or executives of social media, hardware or internet companies for data violations in India.
Personal Data Protection Bill, 2019 – a mixed bag
Overall, the Personal Data Protection Bill, 2019 was a mixed bag. On one side, it directed tech companies and businesses in India to full comply and adhere to the users’ consent regarding personal data and privacy. And on the other side, it gave government agencies free hand to obtain data on people in certain cases.
The BJP-led Central Government although has withdrawn the Bill, it hasn’t put any timeline for the proposed new ” comprehensive legal frame” as well as its form and scope.
Ironically, the Modi Government since it came to power in 2014 has rolled out several digital initiatives, however, it is either slow or a bit reluctant to enact laws with recommendations and amendments that will help to protect the personal data and privacy of Indian citizens.