The Indian government on Wednesday unexpectedly withdrew a proposed bill on data protection that a panel of parliamentarians had been working on for more than two years, citing it as working on a new law.
The waived law, the Personal Data Protection Bill of 2019, requires Internet companies such as Meta and Google to obtain specific permissions for most uses of personal data and prohibits the erasure of such personal data. It would have made the process of asking easier. Countries around the world have taken such measures, including the European General Data Protection Regulation.
But privacy advocates and some legislators argued that while the bill exempts law enforcement and public agencies from the statutory provision, ostensibly for national security reasons, it also provides overly broad powers over personal data. to the government.
Salman Waris, an attorney at TechLegis in New Delhi who specializes in international technology law, said the bill was “a bad draft from the start” because it gave the government broad powers to store, use and control the vast amounts of data it collects. ‘ was said. About citizens, including fingerprints and iris scans.
of Note to Congress Panel Last year, Manish Tewari, an opposition politician from the Indian National Congress Party, said the bill “has created two parallel universes.
Technology companies were also wary, concerned that the proposed legislation would increase compliance burdens and data storage requirements.
The law included rules for tech companies to store certain sensitive data about Indian users only within the country, so they are looking to expand their services in India, the world’s second-largest internet market after China. It would present new challenges for the world’s tech giants. Over 500 million Indians online
In recent years, Indian Prime Minister Narendra Modi and his ruling Bharatiya Janata Party have taken a series of steps to curb tech companies, including expanding the government’s censorship powers over social media. Such rules allow authorities to require that posts or accounts critical of them be hidden from Indian users, as was the case recently with Twitter. WhatsApp is said to be required to make some private messages “trackable” by government agencies if the government believes they are related to national security issues.
But many lawyers and experts say rules are desperately needed to protect citizens’ privacy online and hold companies accountable for the misuse or disclosure of users’ personal data. The sudden withdrawal of the bill by a government that rarely yields to political opposition has taken many Indians by surprise.
Apar Gupta, executive director of the Internet Freedom Foundation, a New Delhi-based digital rights group, said: “Every lost day causes more injury and harm.”
The government’s explanation for withdrawing the bill was that it became too complicated while a committee of parliamentarians worked on the bill. A commission set up by the government “recommended 81 amendments in the 99-section bill,” his Information Technology Minister Ashwini Vaishnaw wrote. on Twitter“The bill has been withdrawn and a new bill will be submitted for public consultation.”
In India, the world’s fastest growing market for new internet users, millions of new users have come online and started using hundreds of free and paid apps that store their data, thus increasing the risk of personal data is increasing explosively.
State efforts to better protect data go beyond the data protection bill. For example, in India, credit card issuers and payment processors need to store data about local transactions within the country.
India has resisted claims by financial firms that setting up local data processing would significantly increase costs, set a precedent for other countries to do the same, and could affect fraud surveillance.
In addition to the requirement to store data locally, the country’s central bank last year urged all businesses to remove debit and credit card details from 2022 to prevent customers from being unintentionally charged. I ordered to
The move caused frustration for both businesses and customers, many of whom had transactions declined or had to re-enter their details.
