Updated: August 8, 2022 9:58:08 am
Industry experts are divided over the government’s decision to withdraw the Personal Data Protection (PDP) Bill, 2019, and replace it with a new ‘comprehensive legal framework’ and ‘contemporary digital privacy laws’ for regulating online space. The bill was revoked after nearly four years of it being in the works, where it went through multiple changes including a review by a Joint Parliamentary Committee and faced pushback from a range of stakeholders including tech companies and privacy activists.
“The withdrawal of the PDP bill is personally disappointing to me, especially since the industry has already been waiting for four years for this draft to be taken forward,” Dr Rishi Bhatnagar, Chairman, IET Future Tech Panel told indianexpress.com.
According to experts, the proposed Bill stressed on the localisation of data and lacked a bifurcation to accommodate personal and non-personal datasets separately. “There were parts of the proposal that included obtaining of citizen-consent for the usage of personal data and special exemptions to probing agencies from the Act. These aspects of the Bill seem to be collectively responsible for triggering the withdrawal of it,” Bhatnagar said.
However, for Kazim Rizvi, Founding Director, The Dialogue, a New Delhi-based think tank, the withdrawal of the “Data Protection Bill 2021 is the right move as it had various shortcomings and concerns, notably around the lack of independence of the Data Protection Authority (DPA), restrictions on cross-border data flow, the inclusion of non-personal data and broad exemptions to the executive for data processing.”
Subscriber Only Stories
The Bill had been widely criticised for being biased toward the data collection entity. For instance, if any user wants to withdraw their consent from sharing their data, it is possible but the user will have to give “a valid reason” or bear the legal consequence for such withdrawal. Moreover, what constitutes a “valid reason” is also subjective.
Another major drawback of the Bill was a proposed provision called data localisation, under which it would have been mandatory for companies to store a copy of certain sensitive personal data within India, and the export of undefined “critical” personal data from the country would be prohibited.
Experts hope that a new privacy law will be enacted by next year. “The new bill must balance state interest, business interest, and individuals’ privacy concerns on the same keel,” notes Rizvi.
Bhavya Sharma, Founder, Bhavya Sharma & Associates, a legal firm, believes that the news of withdrawal “will provide relief to giant tech companies who have on several occasions raised concerns against the provision provided in the bill related to the usage, storage and processing of data which contradicts the cyber policies they are following. These restrictions would’ve ultimately increased their compliance burden.”
Meanwhile, Bhatnagar believes that the new Bill can only stand out if the framework contains regulations that are at par with global standards. “The re-framing of the Bill can also be enhanced by the inputs of IT thought leaders and experts, where ground realities and existing problems in the IT ecosystem can be touched upon with clarity,” he adds.
📣 Join our Telegram channel (The Indian Express) for the latest news and updates
- The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.