A fresh opportunity: On the rollback of the Personal Data Protection Bill

The Personal Data Protection Bill’s withdrawal is a chance to address lacunae, but a data protection law brooks no delay

August 06, 2022 12:20 am | Updated August 15, 2022 04:28 pm IST

The stated reason for the Government’s withdrawal of the Personal Data Protection Bill, 2019, was that it will come up with a “comprehensive legal framework” on data privacy and Internet regulation. The Government has averred that a new draft will be in sync with the principles of privacy, in line with Supreme Court guidelines based on the landmark judgment on privacy, i.e., Justice K.S. Puttaswamy vs Union of India, and would consider the Joint Committee of Parliament’s recommendations on the framework to regulate the digital ecosystem. The 2019 Bill had been rightly criticised by stakeholders, including Justice B.N. Srikrishna — he chaired a committee of experts that had authored a draft bill in 2018 — for overemphasising the national security angle, among other reasons. The 2019 Bill diverged from the Srikrishna Committee Draft in the selection of the chairperson and members of the Data Protection Authority (DPA) that shall protect the interests of data principals, and in the leeway given to the Union government to exempt its agencies from the application of the Act. The 2018 draft Bill allowed for judicial oversight in the selection process for the DPA, while the 2019 Bill limited the composition to the executive. The 2018 Bill allowed for exemptions to be granted to state institutions from acquiring informed consent from data principals or to process data in the case of matters relating only to the “security of the state”; it also called for a law to provide for “parliamentary oversight and judicial approval of non-consensual access to personal data”. In contrast, the 2019 Bill added “public order” as a reason to exempt a government agency from the Act, besides only providing for these reasons to be recorded in writing.

By choosing to withdraw the Bill, it is unclear whether the Government would address the demand for a realignment of the legislation with the 2018 draft Bill that came about after extensive consultations with civil society. Or whether this would be more in line with the JPC report, which has also been criticised by civil society for retaining provisions that allow the Government access to private data of citizens without sufficient safeguards. Dissent notes to the JPC report, by Congress MP Jairam Ramesh for example, went on to criticise the leeway granted to the Government on exemptions and how the ground of “public order” and not “security of the state” was liable for misuse. It is not clear if the Bill’s withdrawal is linked to opposition to mandatory “data localisation” from multinational Internet companies. Meanwhile, the lack of a proper data protection law in the country is an anomaly when compared with major countries. If the Government is indeed committed to a comprehensive legal framework on data privacy and protection, it must revert to the baseline provided in the Justice Srikrishna Committee recommendations and enact a law within a reasonable timeline.

To read this editorial in Tamil, click here.

To read this editorial in Hindi, click here.

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.