According to reports, the government will shortly release a fresh draft of the data protection bill. The personal data protection bill was dropped in August, after being proposed in 2019.
It is likely to be reintroduced under the name “Digital data protection bill 2022.” After nearly four years of laborious work, the original bill was withdrawn from the parliament in August, on the grounds that it contained numerous flaws.
What happened to the earlier bill?
On December 11, 2019, the Minister of Electronics and Information Technology, Ashwini Vaishanav introduced the ‘Personal Data Protection Bill, 2019’ in Lok Sabha. The bill was referred to the Joint Parliamentary Committee (JPC), headed by BJP MP P.P. Chaudhary. After 78 sittings spanning almost 185 hours, the JCP finally submitted its findings to the Lok Sabha on December 16, 2021. The 542-page report contained 81 amendments in a total of 99 provisions of the bill which led the government to decide that there was ‘no option but to withdraw the original bill completely.
As part of the recommendations, the proposed law’s purview should be widened to include considerations of non-personal data, shifting Bill’s focus from protecting individual privacy rights to protecting all types of data. The bill was also a large setback for tech companies and Indian start-ups. It might backfire on companies that process foreign data in India or on young Indian startups trying to go global due to increased compliance costs.
Large digital companies like Facebook and Google have criticized protectionist data localization policies on the basis of the domino effect. Data localization would have made it essential for businesses to keep a copy of specific sensitive personal data in India, and it would have prevented the export of unspecified important personal data. The central government and its agencies would be given broad exclusions from all of Bill’s requirements, according to the activists’ criticism. They appreciated the government’s decision to withdraw the bill.
Additionally, the JCP study made suggestions for improvements to social media company regulation and the use of only ‘trusted hardware’ in smartphones among other things. It was suggested that social media platforms that don’t serve as intermediaries should be viewed as content providers and held accountable for the material they contain.
Expectations with the new bill
According to a report in the Economic Times, the government would drop the necessity for localizing data in the updated draft of the data protection Bill in favor of allowing data transfers and storage in ‘trusted geographies.’ The government will specify which geographies are “trusted” from time to time. In the new draft, criminal consequences for workers of businesses that commit data breaches would also be dropped. Instead, each violation will result in financial penalties of up to Rs 200 crore multiplied by the number of customers affected.