Withdrawal of Personal Data Protection Bill
The Central Government on Wednesday withdrew the heavily deliberated Data Protection Bill, 2019 (“Bill”) as per a statement circulated to Members of Parliament in the ongoing monsoon session. The Union Minister for Electronics and Information Technology, Ashwini Vaishnaw stated that the bill was deliberated at great lengths by the Joint Committee of Parliament which has suggested 81 (Eighty-One) amendments and 12 (Twelve) proposals for a comprehensive legal framework on digital ecosystem. The extensive deliberations for a bill that spanned 99 (Ninety-Nine) sections was one of the reasons for the withdrawal of the Bill as stated by Ashwini Vaishnaw.
Rajeev Chandrasekhar, Minister of State for Electronics and Information Technology took to social media to suggest that a new bill which presents a comprehensive framework of global standards, including but not limited to digital privacy will replace the Bill soon. The statement that he provided leaves much left to be seen in terms of the potential of the new data protection bill that may be introduced in the near future. Additionally, having a comprehensive framework that will be based on global standards is a vague framework to adopt given the differing views on data protection across the globe. The subject does not invite partisan opinions and actions across the board.
That being said, in order to contextually understand the withdrawal of the Bill and the ways forward, it is pertinent to see the history and evolution of the Bill prior to its withdrawal. This exercise will also allow us to see where the priorities have been and should be legislatively speaking. Privacy has been a hot button topic before the Apex court for the last decade. In the time that the constitutionality of Aadhaar, was being debated, the Indian government provided guarantees the court that it would bring in a law to protect personal data privacy.
The Committee of Experts under the Chairmanship of Justice B.N. Srikrishna (“Committee”) through their report titled “A Free and Fair Digital Economy: Protecting Privacy, Empowering Indians” had discussed their recommendations in relation to a new data protection that was inspired by approaches taken in different jurisdictions and has especially made use of the European Union’s General Data Protection Regulation (“GDPR”). The Government had introduced the Personal Data Protection Bill in 2019 after extensive debate and stakeholder consultation. Protecting data sovereignty and data regulation for economic benefit seems to have been the two largest concerns that this Bill had attempted to address. Therefore, a balance is required to be sought between a regulatory heavy approach and an ease of compliance approach. It is pertinent to acknowledge all the stakeholders that are involved and the newer industry sectors such as e-commerce, social commerce, platforms as a service and fintech amongst others for whom any changes to data processing, handling, storage, publishing and overall management will be critical.