Personal Data Protection Bill: What Is It? Why Did The Centre Withdraw It? What Will Happen Next?

The Personal Data Protection Bill, which looked to regulate how user data should be processed and stored by the government as well as companies, was withdrawn by the government in a sudden move on August 3. The highly debated bill introduced in 2019 had set alarms down big tech firms such as Google and Facebook-owner Meta. The Centre said it would devise a fresh set of regulations that will be a better fit for the comprehensive legal framework. So, what exactly is the Personal Data Protection Bill? What led to its withdrawal? Here’s everything you need to know.

Personal Data Protection Bill: What is it?

On December 11, 2019, the Personal Data Protection Bill was introduced in the Lok Sabha. It was drafted by the Justice Srikrishna Committee back in 2018. The bill proposed a set of rules that would dictate how personal data should be processed and stored, seeking to set up a Data Protection Authority in India to protect the digital privacy of individuals. It also listed people’s rights when it came to their personal data. 

After a draft of the bill was introduced in the Lok Sabha, it was referred to the Joint Parliamentary Committee (JPC) in December last year before being tabled in the Parliament after six extensions.

Personal Data Protection Bill: Why was it withdrawn?

On August 3, Electronics and Information Technology Minister Ashwini Vaishnaw took tweeted, “Personal Data Protection Bill has been withdrawn because the JCP recommended 81 amendments in a bill of 99 sections. Above that it made 12 major recommendations.”

The Personal Data Protection Bill was slammed by privacy experts. It was deemed to be more beneficial to central agencies as the bill would allow them to freely obtain data under certain conditions. The bill also proposed the handling of non-personal data under the data law on individual privacy, which attracted a lot of ire as well.

Furthermore, big tech firms such as Amazon, Google, and Meta raised objections to some of the bill’s provisions that would mandate local storage of data and also the processing of some sensitive information within the country. It also looked to provide exemptions to the government’s own probe agencies from the Act’s provisions, which saw a huge uproar from the opposition.

The bill also proposed that non-executive and independent directors of social media, Internet, or tech hardware firms could face legal and criminal proceedings for data violations, which was also heavily criticised.

Commenting on the delay in the bill’s withdrawal, Vaishnaw said in an interview with Mint, “What we are doing is basically in line with what the Supreme Court has told us to do. I fully understand that there has been a delay in this, but the subject was too complex. We could have withdrawn it, let’s say, four months back, but we needed a little bit of deliberation before biting the bullet.”

What Will happen next?

Vaishnaw said in a statement, “Considering the report of the JCP, a comprehensive legal framework is being worked upon. Hence, in the circumstances, it is proposed to withdraw 'The Personal Data Protection Bill, 2019' and present a new bill that fits into the comprehensive legal framework.”

“The basic principles of data privacy are already in place, accepted all over the world, and fully understood by the whole global community. So, there’s no change in that,” Vaishnaw said while commenting on the core features of the new comprehensive law.

“The consultation paper that is floated has to have the elements which are reflected in data protection. It has to again be in sync with what we are drafting in the revamp of the IT Act. So, all these things have to be properly synchronised with each other.”