Data Privacy Legislation in India, New Developments
August 22, 2022 | 4 minutes read
On Wednesday, August 4, 2022, the Indian government announced that they were withdrawing the Personal Data Protection Bill, 2019, despite the fact that many government officials within the nation had anticipated the law being passed after it was first introduced several years ago in 2019. The reasons for this withdrawal have to do with a larger conversation that is being had in the country of India as it pertains to personal data privacy protection, particularly as it relates to major technology companies and social media platforms such as Meta, Twitter, and Google, among others. With this being the case, the Indian government has raised issues with the manner in which these companies had been interacting with the general public within their country.
Twitter in India
For reference, Twitter announced that they were suing the Indian government in July of 2022 in response to numerous bans that the said government had imposed against the social media platform in the past 2 years. To this point, while the Personal Data Protection Bill was intended to regulate the ways in which tech companies could collect, process, retain, transfer, and disclose the personal information of Indian citizens, there are several other laws that have also been enacted in India on a similar basis. For instance, the Indian government also passed a new set of IT rules in August of 2021, which essentially mandated that major companies that had a significant online presence within the country appoint officials that could serve to address concerns that the government had directly.
Likewise, prior to the passage of India’s new IT rules in August of 2021, the national government had also ordered Twitter to block as many as 500 accounts belonging to Indian residents in February of the same year, as government officials within the country felt that Twitter was being used to stir up political tensions within the nation. While this small exchange only involved a sliver of India’s estimated Twitter population of 75 million users, the underlying issues that prompted such actions in the first place directly impacted the Indian government’s decision to withdraw the proposed Personal Data Protection Bill, 2019 several weeks ago.
Government surveillance vs. privacy
On the other side of the spectrum, in addition to regulating the data collection practices of major tech and social media companies, India’s proposed Personal Data Protection Bill, 2019 also granted the Indian government several exemptions from the law. More specifically, “Manish Tewari, an opposition politician from the Indian National Congress party, said the bill created “two parallel universes — one for the private sector, where it would apply with full rigor, and one for the government, where it is riddled with exemptions.” To this end, many privacy advocates, both inside and outside of the country of India, feared that the enactment of this bill would effectively allow the Indian government to censor free speech, while simultaneously retaining the personal data of Indian citizens at their sole discretion.
The Indian government’s response
In terms of the line of reasoning that the Indian government relied upon when making the decision to withdraw the Personal Data Protection Bill, 2019, it has been reported that government officials felt as though the law had essentially become too complicated and convoluted, as 81 amendments had been proposed to a bill that only contained 99 sections. In addition to this, there are also government officials within the country that felt as though the scope and applicability of the law were limited, as many of said officials contended that data processing should take place locally in India, as opposed to in another country. What’s more, there were also concerns about the ways in which the law would have affected the ability of Indian citizens to utilize their credit and debit cards, as “the country’s central bank last year ordered all companies to purge debit and credit card details beginning in 2022 to protect customers from being charged against their will.”
The withdrawal of India’s Personal Data Protection Bill, 2019 was an intriguing development on a number of different levels, as it is very rare to see a major nation such as India effectively nix a law that has gained so much traction in recent years, especially at it concerns data collection and processing regulations. Subsequently, the myriad of factors that have influenced the enactment of data protection legislation within India has proven too volatile to overcome in the short term, as the Indian government will likely spend the next few years deliberating on which provisions of the law should be added, changed, amended, etc. Nonetheless, the goal of any personal protection law should be to safeguard the personal data of everyday citizens, irrespective of any political agendas or financial interests that may be present.