The Centre on August 3 withdrew the Personal Data Protection Bill, 2019, and will be introducing a new Bill.
The reason for withdrawal given by the Ministry of Electronics and Information Technology Minister Ashwini Vaishnaw to the members of the Joint Parliamentary committee is that 81 amendments were proposed and 12 recommendations were made "towards a comprehensive legal framework".
"Considering the report of the JCP, a comprehensive legal framework is being worked upon. Hence, in the circumstances, it is proposed to withdraw 'The Personal Data Protection Bill, 2019' and present a new bill that fits into the comprehensive legal framework."
In a tweet, Meity MoS Rajeev Chandrasekhar said the JCP report had identified issues that were relevant but beyond the scope of a modern privacy law. "Privacy is a fundamental right of Indian citizens & A Trillion dollar Digital Economy requires Global std Cyber laws (sic)," he said.
The Personal Data Protection Bill was first drafted by an expert committee headed by Justice BN Srikrishna in 2018. The Centre introduced a draft of the Bill in 2019 in the Lok Sabha, which was referred to the Joint Parliamentary Committee in December that year. The committee’s report was tabled in Parliament in December 2021 after six extensions.
The latest version of the bill included both personal and non-personal data under its ambit, which would be dealt with by a Data Protection Authority.
The Bill's previous mandate was limited to personal data and the move to bring non-personal data under its ambit was criticised by many.
The Bill also conflated issues by bringing in social media and non-personal data into its ambit and at the same time exempting the government from purview of the Act, a move that received dissent notes from seven ministers.
The bill was criticised by privacy experts as it was seen as being more in favour of the government rather than protecting privacy, which the Supreme Court held as a fundamental right in 2017.
JPC committee member and Rajya Sabha MP Amar Patnaik who had filed a dissent note told Moneycontrol he supports the withdrawal of the Bill in its existing form and hopes that the revised bill would take into account their concerns.
Experts Moneycontrol spoke to said this is an opportunity to properly consult all stakeholders and address concerns.
Prasanth Sugathan, legal director, SFLC.in told Moneycontrol that since the bill has been in the making for five years, the plan is unclear but since the process is being restarted, it needs to be fastracked. "However, this should not be at the cost of proper consultations with all stakeholders. We need a legal framework on data protection at the earliest with the new economy already going through an inflection point."
Kazim Rizvi, Founding Director of The Dialogue said that the withdrawal seems to indicate that the government has listened to concerns, and withdrawing the bill gives the opportunity to come up with comprehensive legislation that takes into account the rights of consumers as well as interests of businesses.
"This is also a great opportunity to look into certain key issues relating to lack of independence of data protection authority, restrictive cross border data flow and state exemption. The new framework should foster growth and innovation, help the startup ecosystem and enable ease of doing business while ensuring that the data rights of citizens are at the heart of the legislation," he said.