Nearly eight months after it was tabled in Parliament, the government on Wednesday withdrew the Personal Data Protection Bill, which sought to regulate how an individual’s data can be used by companies and the government.
In a statement, Union electronics and information technology minister Ashwini Vaishnaw said, the Personal Data Protection Bill, 2019, was deliberated upon in great detail by the Joint Committee of Parliament (JCP), which suggested 81 amendments. Besides, 12 recommendations were made towards a comprehensive legal framework on digital ecosystem.
The government sources familiar with the developments said incorporating so many changes would have made the existing Bill unwieldy. The revised Bill, they said, would be “neatly drafted” after wide consultations and be tabled by the Budget session.
The Bill was referred to the JPC for examination and the report of the committee was presented to the Lok Sabha on December 16, 2021.
Rajeev Chandrasekhar, minister of state for information technology and electronics, told reporters that the Bill was designed back in 2018, and it was for the limited purpose of privacy. But the JCP report had identified many issues that were relevant but beyond the scope of modern digital privacy law.
According to sources in the know, the government’s approach now will be to have four large buckets of digital rules and regulations with a data privacy Bill, a contemporary IT Act that would deal with user harm, ethical usage, data localisation issues, significant social media institutions, non-personal data, trusted hardware issues, then a National Data Governance Policy and cyber security matters. “Having all these under one Bill was difficult as the government was finding it hard to harmonise it with data protection,” the sources said.
The sources said the new Bill may also bring the data already collected under its purview of rules and regulations — a gap that was not addressed in the Bill just withdrawn.
Chandrasekhar clarified that nothing changes from when the Supreme Court found that the privacy was a fundamental right. “What we are saying is that we will go back to Parliament with a comprehensive framework of laws which address the privacy aspect, as well as all the other contemporary challenges. “It will not be one law,” he said.
Several domestic and industry bodies had raised objections to the contents stating that it introduced several new concepts in the Bill, which were not part of the original one. Civil society groups had also criticised the open-ended exceptions given to the government in the Bill, allowing for surveillance.
The Bill had proposed social media platforms to create a mechanism so that for “every user who registers their service from India or uses their service from India, a voluntary verifiable account mechanism has to be made”. The provision puts the onus of creating the mechanism on the company. The provision was largely aimed at checking social media trolling.
The original Bill defined personal data as information that could help in the identification of an individual and has characteristics, traits and other features of a person’s identity.