Menu Close

India pushes ahead with data privacy bill despite pushback from critics

India’s lower house of parliament greenlit the revised data privacy legislation presented the previous week, even as the bill has received criticism, with many believing that it grants significant discretionary authority to the Prime Minister Narendra Modi-led government.

The Digital Personal Data Protection Bill, which was reintroduced in the lower house last week (nearly a year after abrupt withdrawal of a previous proposal last), makes companies collecting user data mandatory to obtain explicit user consent before processing it. However, it includes “certain legitimate uses” as an exemption for data collection without user consent. It lets platforms process personal user data without the consent of their users when it is provided voluntarily in certain situations, such as sharing payment receipts with users or offering public services.

The bill allows the Indian government to waive compliance requirements for certain data fiduciaries, such as startups, if necessary. It also empowers the government to establish a data protection board and appoint all its members, including the chairperson.

Additionally, the data privacy bill protects the Indian government and its established data protection board from legal action.

The data privacy bill needs to be approved by parliament’s upper house and the Indian president to become a law.

This proposed legal framework comes at a time when digital services are flourishing in the world’s most populous nation. India’s intensifying focus on data privacy, a strategic move that has been brewing over several years, finds resonance with concurrent initiatives in numerous other countries. India’s IT minister Ashwini Vaishnaw said Monday that the bill was necessary to protect the right to privacy of Indian citizens.

The bill covers handling digital personal information, even if it takes place outside of India, as long as it relates to providing goods or services to Indian individuals. The government has the power to decide which countries are not allowed to receive personal data from users.

Opposition leaders, members of the civil society and independent bodies including the local journalists’ association Editors Guild of India expressed apprehension about the data privacy bill’s provisions that grant the central government certain powers and exemptions.

Vaishnaw said the bill was created after a thorough public consultation process involving 48 organizations, 39 ministries, and approximately 24,000 consultations.

New Delhi-based digital rights advocacy group Internet Freedom Foundation said the bill failed to include “several of the meaningful recommendations” that were made during the consultation process of its last draft, and it did not “sufficiently safeguard” the right to privacy of individuals in the country.

“There are many accepted principles of digital data protection,” the minister said, adding the bill included the principles of legality, purpose limitation, data minimization, accuracy, storage limitation, reasonable safeguards and accountability.

“Today, about 900 million Indians have connected to the Internet… In such a situation, there is a need for protection of rights, security and privacy of citizens in this digital world. For this, bill has been brought,” Vaishnaw said.

He added that unlike Europe’s GDPR which included 16 exceptions, the data privacy bill introduced by the Indian government has only four exceptions.

Debates over data protection in the South Asian nation started back in 2017. During that year, India’s Supreme Court reaffirmed privacy as a fundamental right. Two years later, the Indian parliament received the first personal data protection bill that was withdrawn last year after privacy advocates and tech companies including Amazon, Google and Meta criticized for its exemptions for government departments, limitations on protecting user data and restrictions over data exports.

India’s lower house of parliament greenlit the revised data privacy legislation presented the previous week, even as the bill has received criticism, with many believing that it grants significant discretionary authority to the Prime Minister Narendra Modi-led government. The Digital Personal Data Protection Bill, which was reintroduced in the lower house last week (nearly a  Read More TechCrunch 

Disclaimer

Innov8 is owned and operated by Rolling Rock Ventures. The information on this website is for general information purposes only. Any information obtained from this website should be reviewed with appropriate parties if there is any concern about the details reported herein. Innov8 is not responsible for its contents, accuracies, and any inaccuracies. Nothing on this site should be construed as professional advice for any individual or situation. This website includes information and content from external sites that is attributed accordingly and is not the intellectual property of Innov8. All feeds ("RSS Feed") and/or their contents contain material which is derived in whole or in part from material supplied by third parties and is protected by national and international copyright and trademark laws. The Site processes all information automatically using automated software without any human intervention or screening. Therefore, the Site is not responsible for any (part) of this content. The copyright of the feeds', including pictures and graphics, and its content belongs to its author or publisher.  Views and statements expressed in the content do not necessarily reflect those of Innov8 or its staff. Care and due diligence has been taken to maintain the accuracy of the information provided on this website. However, neither Innov8 nor the owners, attorneys, management, editorial team or any writers or employees are responsible for its content, errors or any consequences arising from use of the information provided on this website. The Site may modify, suspend, or discontinue any aspect of the RSS Feed at any time, including, without limitation, the availability of any Site content.  The User agrees that all RSS Feeds and news articles are for personal use only and that the User may not resell, lease, license, assign, redistribute or otherwise transfer any portion of the RSS Feed without attribution to the Site and to its originating author. The Site does not represent or warrant that every action taken with regard to your account and related activities in connection with the RSS Feed, including, without limitation, the Site Content, will be lawful in any particular jurisdiction. It is incumbent upon the user to know the laws that pertain to you in your jurisdiction and act lawfully at all times when using the RSS Feed, including, without limitation, the Site Content.