Daily News Analysis » Government Withdrew the Personal Data Protection Bill 2021

Government Withdrew the Personal Data Protection Bill 2021

Why in the News?

Recently, the Union government has withdrawn the Personal Data Protection Bill 2021 from Parliament.
  • It would now be replaced by “a new bill that fits into the comprehensive legal framework”.

Key Points:

Data Protection Bill: Timeline

  • 2017: In the backdrop of the Puttaswamy judgment (right to privacy), The Justice Srikrishna panel was set up in 2017 to draw up a data protection framework for the country.
    • Puttaswamy judgment stated that the right to privacy is an intrinsic part of the right to life and personal freedom guaranteed by the Indian constitution.
  • 2018: In July 2018, the committee submitted a draft data protection Bill to the Ministry of Electronics and IT.
  • 2019: In December 2019, the Bill was referred to the JCP (Joint Committee of Parliament).
  • 2021: In December 2021, the JCP tabled its report in Parliament, which Justice Srikrishna said was heavily in favour of the government.
  • 2022: The government withdrew the Personal Data Protection Bill from Parliament as it considers a “comprehensive legal framework” to regulate the online space.

Why the Govt withdrew the Personal Data Protection Bill:

  • Compliance Intensive: It was seen as being too “compliance intensive” by startups of the country.
  • Too many amendments by JCP: Considering the report of the JCP, a comprehensive legal framework is required.
    • It proposed 81 amendments and 12 recommendations.
  • Pushback from stakeholders: It faced major pushback from a wide range of stakeholders including large tech companies such as Facebook and Google and civil society activists.

Committee and Judiciary signal urgency for a data protection law and surveillance reforms:

  • (Justice) A P Shah Committee report on privacy
  • Puttaswamy judgment (right to privacy) and
  • (Justice B N) Srikrishna Committee’s report
They all indicate the necessity of data privacy legislation and surveillance reforms.

Key Challenges with the provision of the Bill:

  • Data Localisation: Under this, it would have been mandatory for companies to store a copy of certain sensitive personal data within India.
    • The export of undefined “critical” personal data from the country would be prohibited.
  • Contentious clause 35: This provision allows government agencies to ignore provisions of the law citing “sovereignty”,“public order”, “friendly relations with foreign states” and “security of the state”.
    • It allows the Government to keep any of its agencies outside the purview of the law.
  • Opposed by Social Media Companies: It sought social media companies to move them from the status of online intermediaries to content publishers, thus making them accountable for the posts they host.

Conclusion:

  • The Government has to averred that a new draft will be in sync with the principles of privacy, in line with Supreme Court guidelines on privacy.
  • The new Bill could also do away with classification of personal data from the perspective of data localisation.