India Scraps Data Privacy BillAugust 4, 2022
The Indian government on Wednesday unexpectedly withdrew a proposed bill on data protection that a panel of lawmakers had been laboring over for more than two years, saying it was working on a new law.
The abandoned legislation, Personal Data Protection Bill, 2019, would have required internet companies like Meta and Google to get specific permission for most uses of a person’s data, and would have eased the process of asking for such personal data to be erased. Countries worldwide have been adopting such steps, including in Europe with the General Data Protection Regulation.
But privacy advocates and some lawmakers complained that the bill would have given the government excessively broad powers over personal data, while exempting law enforcement agencies and public entities from the law’s provisions, ostensibly for national security reasons.
Salman Waris, a lawyer at TechLegis in New Delhi who specializes in international technology law, said the bill was “a bad draft from the inception,” because it would have given the government broad powers to store, use and control the large amounts of data it gathered on its citizens, including fingerprints and iris scans.
In a note to the parliamentary panel last year, Manish Tewari, an opposition politician from the Indian National Congress party, said the bill created “two parallel universes — one for the private sector, where it would apply with full rigor, and one for the government, where it is riddled with exemptions.”
Tech companies were also wary, concerned that the proposed legislation was going to increase their compliance burden and data storage requirements.
The bill, which included a rule that tech firms store certain sensitive data about users in India only within the country, would have presented new challenges for global tech giants looking to expand their services in India, the world’s second-largest internet market after China, with more than half a billion Indians online.
In recent years, Prime Minister Narendra Modi and his governing Bharatiya Janata Party have taken a series of steps to rein in tech companies — including by extending the government’s powers of censorship over social media. Such rules allow the authorities to demand that posts or accounts critical of them be hidden from users in India, as with a recent case involving Twitter. WhatsApp has been told that it would be required to make some private messages “traceable” to government agencies if the government believed they involved issues of national security.
Yet a number of lawyers and experts say rules to safeguard the privacy of citizens online and hold companies responsible for misusing or leaking users’ personal data are badly needed. The abrupt withdrawal of the bill, by a government that seldom bends to political opposition, surprised many Indians.
“It’s not about getting a perfect law, but a law at this point,” said Apar Gupta, the executive director of the Internet Freedom Foundation, a…