Introduced in the Lok Sabha in December 2019, theย Personal Data Protection (PDP) bill would be rolled back by early 2023.
The bill aimed at setting up a data protection authority to protect user privacy, but it did not go well with global tech companies who apprehended that it could increase their compliance burden and data storage requirements.
Till now, the bill has undergone multiple reviews as tech firms voiced concerns regarding the data localization provision in it, under which they were required to store a copy of sensitive personal data in data centers located within the countryโs borders. Moreover, there were sanctions on export of undefined โcriticalโ personal data.
The government is now mulling over a โcomprehensive frameworkโ that aligns with the new data norms.
Calling for a law that regulates online space, data privacy, internet ecosystem, cybersecurity, telecom, Minister of Electronics and Information Technology Ashwini Vaishnaw said that following red flags raised by the Joint Committee of Parliament (JCP) in its December 16, 2021, report, the government withdrew the regulation.
In works since 2018
The data protection bill has been in the works since 2018 when a panel, led by retired Supreme Court judge Justice B.N Srikrishna, had drafted the bill. Following which, the JCP was roped in to review the regulation.
Minister of state Rajeev Chandrasekhar tweeted, โThe JCP report on personal data protection bill had identified many issues that were relevant but beyond the scope of a modern digital privacy law. Privacy is a fundamental right of Indian citizens and a trillion dollar digital economy requires global cybersecurity laws. It will catalyze PM Narendra Modiโs vision of IndiaTechade.โ
JCP report on Personal Data protection bill had identified many issues that were relevant but beyond the scope of a modern Digital Privacy law
Privacy is a fundamental right of Indian citizens & A Trillion dollar Digital Economy requires Global std Cyber laws #IndiaTechade
— Rajeev Chandrasekhar ๐ฎ๐ณ(Modiyude Kutumbam) (@Rajeev_GoI) August 3, 2022
Expertsโ take
On the development, tech and legal experts said the governmentโs move was anticipated since revisions to the bill were overdue. It is being expected that the new law will protect personal as well as non-personal data of citizens.
โThe new legal framework that will define data protection in India is expected to be a broader law that not only covers personal data, but also segregates personal and sensitive data — and how companies will have to handle each segment. The future law will also lay down regulations for how companies in India will have to handle non-personal data,โ TechCircle quoted Pawan Duggal, a cyber security expert and Supreme Court lawyer, as saying.
