India’s government has withdrawn its long-awaited privacy bill, which caught the attention of several privacy advocates and tech giants who feared the legislation could limit how they manage sensitive information while giving the government broad powers to access it.
The move comes as a surprise as lawmakers recently indicated that a bill introduced in 2019 could see the “light of the day” soon enough. New Delhi received dozens of amendments and recommendations from a parliamentary panel that includes lawmakers from Prime Minister Narendra Modi’s ruling party that “identified many issues that were relevant but outside the scope of a modern digital privacy law,” the junior IT minister said on India Rajeev Chandrasekhar.
The government will now work on a “comprehensive legal framework” and introduce a new bill, he added.
The Privacy Bill seeks to give Indian citizens rights related to their data. India, the world’s second-largest internet market, has seen an explosion of personal data over the past decade as hundreds of citizens went online for the first time and started using dozens of apps. But there was uncertainty about how much power individuals, private companies and government agencies had over it.
“The Privacy Bill 2019 was discussed in great detail by the Joint Committee of Parliament, 81 amendments were proposed and 12 recommendations were made towards a comprehensive legal framework for the digital ecosystem. With the JCP report in mind, a comprehensive legal framework is being worked on. Therefore, withdrawal is suggested under these circumstances. The Protection of Personal Data Bill, 2019′ and introduces a new bill that fits into the overall legal framework,” India’s Information Technology Minister Ashwini Vaishnau said in a written statement on Wednesday.
The bill drew criticism from many industry stakeholders. The New Delhi-based privacy group Internet Freedom Foundation said the bill “provides broad exemptions to government departments, prioritizes the interests of large corporations and does not adequately respect your fundamental right to privacy.”
Meta, Google and Amazon were some of the companies that had concerns expressed for some of the recommendations of the joint parliamentary committee on the proposed bill.
The bill also mandates companies to store only certain categories of “sensitive” and “critical” data, including financial, health and biometric information, in India.
“I hope the bill is not complete rubbish given all the work that has gone into it. Completely trashing the account will create something of a privacy impasse. Nobody wants this,” Nikhil Pahwa, editor of MediaNama, which covers politics and media, said in a series of posts on Twitter.
“The new bill must be subject to public discussion. The government needs to realize that civil society and wider industry involvement help to improve laws and regulations. The JPC did not include many key civil society stakeholders. The government has already made a mess of the IT Rules 2021 and CERT-in directions. It has to be sensible with regulations, otherwise it will hurt India’s digital future.”