The Indian government on Wednesday announced the withdrawal of the Personal Data Protection Bill from Parliament. Union Minister for Electronics and Information Technology, Ashwini Vaishnaw moved a motion in the Lok Sabha to withdraw the Bill. According to him, the joint parliamentary committee suggested 81 changes to the Data Protection Bill, which led the government to withdraw it eventually. The committee said a new bill will soon replace it. Also Read - Twitter fined $547,000 under GDPR in Ireland two years after disclosing data breach
In his tweet, Chandrasekhar said that a new comprehensive legal framework of global standard laws will replace the Data Protection Bill. The new bill, the name of which is not available yet, will adhere to the Digital Privacy laws “for contemporary and future challenges.” The committee had suggested 81 amendments to the Bill, 12 of which favoured a “comprehensive legal framework.” Also Read - Google permits European users to see Play Store apps from other markets
The government set up a parliamentary committee that proposed the Personal Data Protection Bill in 2019. When passed into law, the framework would have set rules on how companies can gather and use an individual’s data, while protecting their digital privacy. At the time, the Data Protection Bill was likened to Europe’s trend-setting General Data Protection Regulation, better known as GDPR. However, before it was sent to the panel, it faced severe criticism in the parliament from the opposition. Also Read - Irish watchdog warns Facebook over WhatsApp integration
Controversies around the Data Protection Bill
While opposition parties, such as Congress and Trinamool Congress vehemently lambasted the Personal Data Protection Bill, saying that it violated the fundamental rights of Indian citizens, tech companies were not in favour either.
On one hand, the opposition claimed the Bill, if turned into law, would give the government the power to access the personal data of individuals using various clauses, such as national security. On the other hand, tech companies lobbied against it because it would have required them to comply with it. Compliance would mean these companies would have to inform users of their data collection practice and seek their permission for collecting data.
It would also mean that companies have to collect and store evidence of the fact that they sought permission from a user and received their consent. Moreover, the Bill would give Indian citizens the right to withdraw their consent anytime and the company would have to set up a system to let users do so while taking care of the data they had been collecting.
The bottom line is that the Data Protection Bill would give Indian citizens the right to decide what happens with their data. They would be able to access it anytime, amend it, and even delete it as per their choice. And the company storing that data would have no objection to it, the Bill outlined.
The Bill categorised user data into three categories, one of which, called “critical personal data”, cannot be transferred out of India. Another category called “sensitive personal data” needed to be stored in India, according to the law. Tech companies, as much as reluctant to give leeway to laws like this, opposed various clauses in the Bill.