Withdrawal of the personal data protection bill after 5 years of deliberation by the government could be against the interests of Indian data citizens, according to experts. On Wednesday, the government sprung a surprise by withdrawing the much debated and contentious Personal Data Protection Bill from the parliament while promising to introduce new legislation very soon.

Withdrawal of the Bill, which aimed to implement the Supreme Court mandated right to data privacy as per the 2017 Puttaswamy judgement could have a detrimental impact on protecting the data rights of Indian citizens, according to experts. 

The Bill was contentious as a myriad of interest groups, including big tech and civil liberty organisations would have been impacted. After being introduced in the Lok Sabha in 2019, it was referred to the Joint Committee of Parliament. The government noted that the detailed amendments from the Committee warrant a fresh Bill instead of re-working the present one.

The withdrawal of the proposed law comes even as 137 out of 194 countries have put in place legislation to secure the protection of data and privacy under the UN Conference of Trade and Development. Moreover, in Africa and Asia, 61 and 57 per cent of countries have adopted such legislation.

Experts note that while the Bill was contentious, even from a civil liberties perspective, the legislative approval of a data protection law would indicate that the government acknowledged the urgency to protect its citizens’ privacy. Prateek Waghre of the Internet Freedom Foundation noted, “the implementation of the Bill would ensure that at least some level of accountability is required from private enterprises regarding how they utilise the data of Indian citizens. The implementation would thus provide a baseline, which the government could improve upon further.” 

‘Chance to improve’

Given that the government wishes to incorporate the JCP’s recommendations into a fresh Bill, Waghre noted that this provides the government with the opportunity to incorporate measures that will better protect citizens’ privacy, including the creation of a more accountable data protection authority. “It recommended that the DPA shall consist of six whole-time members and a chairperson, appointed by the Central Government on the recommendation of a selection committee,” noted IFF. Moreover, IFF notes that in the new legislature it is ensured that the government is not to be exempted from the rigours of the data protection regime unless it is authorised by law and is necessary and proportionate.

Mansi Kedia, Policy Researcher at the Indian Council for Research on International Economic Relations, also noted that the implementation of a data protection Bill by the legislature would have ensured that trust is fostered between Indian consumers and institutions like tech companies and the government, as it would have facilitated more transparency regarding how these institutions plan on using the data of an Indian citizen. 

Said Abhishek Malhotra, Managing Partner of TMT Law Practice, “Withdrawal of the Data Protection Bill, from a consumer perspective, does not bring about any material change now. The core rights, which are ingrained in the data privacy principles across the globe, are already available to the public under the IT (SPDI) Rules, 2011, and so there will not be much change in the rights afforded to the end users. Indian citizens have now found an opportunity to present their case better to the government and the authorities, for making any submissions that might not have been considered earlier.”

Ashish Aggarwal, VP and Head of Public Policy at NASSCOM, said, “Given that this law has been deliberated for so long, purely from the point of view of the key objective of the law, which is to operationalise the fundamental right of privacy, it is important that we as a nation get this law right.”