The Personal Data Protection Bill, 2019 was abandoned after years of development. A “full legal framework” to safeguard people’s data lacks precise timetables and guiding principles.
The federal government removed the Personal Data Protection Bill, 2019 (PDP Bill) from Parliament during the 2022 monsoon session. “Big tech” refers to US-based IT giants. The union government recently abandoned the third draught of the PDP Bill, which followed the 2018 Justice B N Srikrishna Committee suggestion.
The union minister for electronics and information technology’s statement in parliament that a thorough legal framework is being worked on is not convincing (JPC). Given the US government’s backing for multinational digital technologies or “big tech,” it’s probable that pressure from outside the country contributed to the withdrawal of the PDP Bill.
Before the PDP Bill, India had several data protection laws. This proposal used the B N Srikrishna Committee draught law. Commentators, including Justice B N Srikrishna, criticised the committee’s changes (Mandavia 2019). The measure was criticised for giving government agencies a data protection pass. Despite its attempts to exclude some government bodies, the B N Srikrishna report did not concentrate on surveillance law reform in India. The government’s revisions to the PDP Bill increased the likelihood of a totalitarian dictatorship, as noted by Justice Srikrishna.
Big IT corporations opposed the concept because they didn’t want to export their data. US government: “trade barrier” The Reserve Bank of India’s limits on data localisation have affected global credit card corporations and caused disagreements in data security and the payments ecosystem. Some Indian corporations worried this regulation would increase starting costs, while others said it would help Indian businesses at free or little cost to entrepreneurs.
The PDP Bill was forwarded to the JPC to address problems and give a road forward; it reported its conclusions in December 2021. Among the many adjustments advised, including “non-personal data” was likely the most crucial. Due to ambiguities and the need to prevent duplication, the committee suggests this (DPA). There are 12 basic ideas and several particular improvements to the PDP Bill, from the title to including non-personal data. Importantly, the JPC recommends that the PDP Bill may be adopted when the adjustments are made and the larger ideas can be “implemented in due time.”
The JPC presented various problematic ideas, but combining personal and non-personal data in one statute drew the most attention. People have a right to privacy, which requires protecting their personal data. Non-personal data usage is regulated for economic progress. It may be impossible to distinguish between the two forms of information, but the DPA couldn’t properly exercise its regulatory jurisdiction if it did.
The JPC report has also been criticised since it gives the federal government extensive power to insulate certain corporations from the law. Multiple JPC members disagreed with the conclusions and cautioned that lack of parliamentary authority would erode privacy rights.
Regardless of the JPC’s suggestions, the PDP Bill shouldn’t be rewritten. There was space in the present draught for all of its ideas, whether they were adopted or not. It didn’t reject the law’s technique or intentions. A draught of the updated PDP Bill was included to show how the revisions may be incorporated into the legislation.
It’s perplexing that the union government abandoned the PDP Bill based on the JPC’s conclusions. Despite the JPC’s recommendation, the government has shelved the PDP Bill as revised. The PDP Bill should have been withdrawn and replaced with the JPC version immediately.
The suggestion that the PDP Bill should be abandoned and the effort restarted based on the JPC’s recommendations is illogical given its history, the substantial contributions of stakeholders, and the stage of the discussion. The government could have easily adopted the proposals. The government may reject the JPC’s suggested revisions if they contradict the PDP Bill’s aims. The minister’s statement makes it seem like the sheer amount of adjustments is the key reason for the reconsideration, but a reading of the report indicates that many of the recommended modifications are minimal and could have been incorporated without appreciably changing the PDP Bill.
The bill’s repeal costs India’s population. In Justice (Retd.) K Puttaswamy v Union of India (2017), the Supreme Court annulled a countrywide effort involving many parties. Despite its limitations, a PDP Bill would have given Indian people’ data a modicum of protection, better than the IT Act’s restricted framework. A DPA would have sped up a process that would have taken years. We’re beginning again after the bill’s withdrawal.
The internet is a free-for-all for tech titans, except in authoritarian nations. With US government support and vast data, they’ve formed a monopoly. Despite its flaws, the PDP Bill offered a global South reaction to big tech. Abba Eban, Israel’s ambassador, said that by withdrawing the PDP Bill, India “lost an opportunity.”