The Indian government has repealed its long-awaited personal data protection law, which has been criticized by several privacy advocates and tech giants who feared the legislation would restrict how they managed sensitive information, while giving the government broad powers to access it. to get.
The move comes as a surprise, as lawmakers had recently indicated that the bill, unveiled in 2019, could see the “light of the day” soon enough. New Delhi received dozens of amendments and recommendations from a parliamentary panel, including lawmakers from Prime Minister Narendra Modi’s ruling party, which “identified many issues that were relevant but outside the scope of a modern digital privacy law,” said Indian junior IT chief executive officer. Minister Rajeev Chandrasekhar.
The government will now work on a “comprehensive legal framework” and introduce a new bill, he added.
The Personal Data Protection Act was designed to give Indian citizens rights over their data. India, the world’s second largest internet market, has seen an explosion of personal data over the past decade as hundreds of citizens first came online and started consuming dozens of apps. But there has been uncertainty about how much power the individuals, private companies and government agencies have over it.
“The Personal Data Protection Act, 2019 was discussed in detail by Parliament’s Joint Committee. 81 amendments were proposed and 12 recommendations made for a comprehensive legal framework for the digital ecosystem. In view of the JCP report, work is underway on a comprehensive legal framework. Therefore, in the circumstances, it is proposed to withdraw. The Personal Data Protection Act, 2019′ and present a new law that fits into the comprehensive legal framework,” Indian IT Minister Ashwini Vaishnaw said in a written statement on Wednesday.
The bill has been criticized by many industry stakeholders. The New Delhi-based privacy advocacy group Internet Freedom Foundation said the bill “provides major exemptions to government agencies, prioritizes the interests of large corporations and does not sufficiently respect your fundamental right to privacy.”
Meta, Google and Amazon were some of the companies that expressed concern on some of the Joint Parliamentary Committee’s recommendations on the bill.
The bill also required companies in India to store only certain categories of “sensitive” and “critical” data, including financial, health and biometric information.
“I hope the bill isn’t thrown out completely, given all the work that has gone into it. Throwing out the bill altogether creates a kind of limbo from a privacy protection standpoint. Nobody wants that,” Nikhil Pahwa, the editor of MediaNama, which covers policy and media, said in a series of posts on Twitter.
“The new bill must be presented to the public. Governments need to realize that civil society and wider industry participation help improve laws and regulations. The GPC did not involve many key civil society stakeholders. The government has already made a mess with 2021 IT rules and CERT facilities. It has to be reasonable with regulation or it will hurt India’s digital future.”