The Economic Times daily newspaper is available online now.

    Fresh legislation may replace Data Protection Bill

    Synopsis

    ​Among the options being discussed is the introduction of fresh legislation that can cater to the ongoing "sea change in the local and global technology (environment)", those aware of the thinking within government circles said.

    data centre providers_THUMB IMAGE_ETTECHETtech
    New Delhi: India may draft a completely new privacy bill, people directly aware of the matter told ET, by putting aside the current version of the Personal Data Protection Bill 2019 that has been in the making for nearly five years and does not comprehensively address the requirements of the country’s changing technology landscape, they said.

    Among the options being discussed is the introduction of fresh legislation that can cater to the ongoing "sea change in the local and global technology (environment)", those aware of the thinking within government circles said. It would also allay concerns that current provisions may hurt the country’s fledgling technology and start-up ecosystem, which saw a record 42 unicorns being created in the last one year, they added.

    Elevate Your Tech Prowess with High-Value Skill Courses

    Offering CollegeCourseWebsite
    MITMIT Technology Leadership and InnovationVisit
    Indian School of BusinessISB Professional Certificate in Product ManagementVisit
    IIM KozhikodeIIMK Advanced Data Science For ManagersVisit
    DataETtech

    The 2019 Bill — drafted first by a panel led by retired Supreme Court Judge BN Srikrishna — was reviewed by a Joint Committee of Parliament that submitted its final recommendations and a revised draft Bill only in November 2021.

    "Since it’s a JCP draft Bill, the government can only tweak the clauses to some extent but the provisions cannot be changed completely… A better option is to bring a new Bill altogether which is aligned with the current times," said one of the officials cited above.

    The Bill, originally mooted in 2017, was drafted by the Srikrishna Committee after a year-long consultation process and the government tabled the first draft of the legislation in Parliament three years ago. Subsequently, the JCP took a further two years, amid the pandemic, to study the contours of the highly-debated regulation.

    "The momentum in the startup world that we are seeing now wasn’t there then… the envisaged structure of the data protection authority is very bureaucratic. The compliance requirements from the industry as per this draft Bill will completely cripple it," said one person directly in the know.

    The regulation proposed by the JCP was due to be presented in Parliament during the second leg of the Budget session, which begins from March 14. However, the Bill is yet to be discussed by the Cabinet.
    Controversial Legislation

    The proposed regulation has attracted sustained criticism from several stakeholders, both local and global. They have flagged provisions such as the inclusion of non-personal data, treating social media as publishers, and the structure of the Data Protection Bill, as concerning.

    ET reported recently that a recent study commissioned by the European Data Protection Board (EDPB) has called out data policies of India—specifically the exemptions that the government has sought under Section 35 of the Data Protection Bill — as an area of concern.

    The information technology sector has also petitioned the government that the broad exemptions sought by lawmakers will adversely impact the fortunes of India’s $190 billion IT-BPM industry in the European Union.
    In a filing with the Securities and Exchange Commission (SEC) earlier this month, Meta Platforms (formerly known as Facebook) has said it is concerned about India's upcoming privacy legislation which seeks local storage and in-house processing of data. Google too has expressed similar concern over regulatory hurdles in its recent SEC filings.

    Race Against Time

    "Yes there are some concerns, but the Bill can be changed slightly to address them," said one senior official, adding that the government has to take a call on how to proceed.

    However, a third person aware of developments cautioned that any major change in the Bill will require another round of industry-wide consultation. "Time is of the essence here and we must understand that very clearly," the person added.

    The Privacy Bill is a marquee piece of legislation which was supposed to give India — one of the world’s largest Internet markets — a regulatory framework for the first time. The parliamentary panel studying the law has, however, recommended that the Bill include both personal as well as non-personal data and for the legislation to be termed as Data Protection Bill instead of Personal Data Protection Bill.

    Further, it has sought the establishment of a single regulatory authority to oversee both personal and non-personal data and has recommended that the Centre, in consultation with sectoral regulators, prepare an extensive policy on data localisation.

    It also allows for broad exemptions to the government from the provisions of the bill and asks for social media platforms to be treated as content publishers.

    "People think that the Bill will harm the Big Tech companies, but more than that it will hurt our companies, we have to be very careful," said the first source cited above.

    The person added that clauses pertaining to a single regulator for non-personal and personal data, localisation norms apart from the structure of the data protection authority are the biggest concerns with the current draft Bill.
    The Economic Times

    Stories you might be interested in