In a surprising and significant move, the Central Government on August 03, 2022 has withdrawn the much- touted Personal Data Protection Bill from the Lok Sabha, with an assurance that a New legislation entailing data protection provisions will be introduced soon.
The Minister of Railways, Communications and Electronics & Information Technology, Shri Ashwini Vaishnaw in this context remarked that “The Personal Data Protection Bill has been withdrawn because the JCP recommended 81 amendments in a bill of 99 sections. Above that, it made 12 major recommendations. Therefore, the bill has been withdrawn and a new bill will be presented.”
Since, its very inception, the Data Protection Bill has been a subject of cacophonous debate and its provisions have invited myriad views from various stakeholders, including Tech giants like Meta Platforms, Google, Apple .
Reportedly, the Tech giants, earlier this year had inter alia recommended in a letter sent to the Minister, the inclusion of non-personal data and renaming of Bill as Data Protection Bill instead of Personal Data Protection Bill, restrictions on cross-border data transfers, data localization obligations and mandatory hardware/IOT and AI software certifications. The tech giants had also suggested to invite additional stakeholder consultations before introducing the impugned Bill .
Personal Data Protection Bill of 2019
The Personal Data Protection Bill of 2019 was introduced in the Lok Sabha in December, 2019 and was prepared and modelled by an expert group headed by former Supreme Court Judge, Hon’ble Justice BN Srikrishna. The Bill classified data into Critical, Sensitive and General and also sought establishment of a Data Protection Authority. The Bill with respect to transfer of data outside India, stipulated that Sensitive personal data may be transferred outside India for processing if explicitly consented to by the individual, and subject to certain additional conditions. However, such sensitive personal data should continue to be stored in India. It further provided that certain personal data notified as critical personal data by the Government could only be processed in India.
With more than 749 million internet users across the country , India stands at a precarious stage with no data protection law in force and wiped out gleam of hope of coming into force of the PDP. The need of the Hour is that a New legislation is enforced at the earliest, so that misuse of data is prevented and the faith in India’s legal system is restored.