The Indian government has recently announced the dismissal of the Personal Data Protection Bill from Parliament. The decision is perceived as preparation for a much broader legal framework set to govern the online space, with the ultimate aim to foster innovation in the Indian nation. This Bill, otherwise known as the “Privacy Bill”, was initially proposed to safeguard individual rights by regulating the collection, transportation, and processing of personal data.
Overview and Challenges of the Personal Data Protection Bill
Introduced to Lok Sabha in December 2019 by the Minister of Electronics and Information Technology, the Personal Data Protection Bill provided measures to prevent violation of individuals’ privacy. However, the Bill faced criticism from several quarters. The principal contention was that in the cyber world, the physical location of data is insignificant as encryption keys could still be inaccessible by national agencies. Critics also argue that terms such as “national security” or “reasonable purposes” are highly subjective and could give rise to state intrusion into private lives. Global tech behemoths like Facebook and Google also opposed the bill, fearing it would set a precedent for other countries to follow.
Reasons for the Withdrawal of the Bill
Following an extensive analysis by the Joint Committee of Parliament (JCP), multiple issues were raised, leading to the proposal of 81 amendments. The key reasons behind the withdrawal of the Bill include issues with data localisation, compliance intensity, pushback from stakeholders, and delays in implementation. A significant point of contention was the element of Data Localisation which required companies to store a copy of certain sensitive personal data within India. This was heavily criticised by activists who believed this gave the central government and its agencies blanket exemptions from the provisions of the Bill.
The Joint Committee of Parliament Recommendations
The JCP offered several suggestions while scrutinising the Personal Data Protection Bill. It proposed 81 amendments and 12 recommendations, including the expansion of the proposed law to encompass discussions on non-personal data. The JCP also recommended changes on issues such as social media companies’ regulation and the use of trusted hardware in smartphones.
Looking Forward
In the revised Bill, it is suggested that data should be stored in a region trusted by the Indian government. For classifying data, the new Bill could simplify processes by removing the classification of personal data from the perspective of data localisation. Instead, classifications will be used for awarding damages to individuals whose personal data may have been compromised.
Understanding Privacy Rights in India through UPSC Civil Services Examination
The Union Public Service Commission (UPSC) has consistently highlighted the importance of understanding privacy rights in India. In 2017, the Supreme Court declared the Right to Privacy as a fundamental right, making it an intrinsic part of the Right to Life and Personal Liberty under Article 21. It also forms a significant part of the freedoms guaranteed by Part III of the Indian Constitution. The UPSC emphasizes conceptual clarity about these rights as the basis for a well-informed civil servant.