We missed this earlier: The sudden withdrawal of the Data Protection Bill, 2021 (DPB) on August 3rd ‘has essentially dispensed with the institutional processes, in which all three branches of government worked for years,’ wrote MP Dr. D. Ravikumar to the Union Minister of Electronics and Information Technology Ashwini Vaishnaw. ‘The several rounds of public consultations and work put in by the civil society has now been jettisoned in favor of “a comprehensive legal framework”,’ the Minister noted in his August 10th memorandum.
Why it matters: All it took was a swift oral vote to withdraw the DPB from Parliament—with this, the privacy rights of Indians remain in regulatory limbo for reasons unknown. Ravikumar’s letter pushes the government for clarity on the Bill’s withdrawal and transparency on the new law’s development. Since then, the Union Minister and Minister of State for Electronics and Information Technology Rajeev Chandrasekhar have answered these questions in part—albeit through breadcrumbs thrown to various English media houses.
FREE READ of the day by MediaNama: Click here to sign-up for our free-read of the day newsletter delivered daily before 9 AM in your inbox.
Reiterating the urgent need for a data protection law, Ravikumar, who represents Tamil Nadu’s Villupuram constituency and is a member of the Dravida Munnetra Kazhagam, posed four questions to Vaishnaw in the interest of a ‘transparent and fair’ drafting process for the new law.
He inquired about the components of the much-discussed ‘comprehensive legal framework’ set to replace the DPB, whether working groups had been constituted to revise the data protection law, and whether a public consultation would be held for it. Ravikumar also questioned whether the government will release a White Paper elaborating its views on the Joint Parliamentary Committee’s (JPC) recommendations on the erstwhile Personal Data Protection Bill, 2019.
Ravikumar further criticised the many lives and objectives of India’s proposed data protection law. ‘In its two year journey, the key objective of the 2021 [Data Protection] Bill pivoted from the need to protect informational privacy to placing economic interest and encouraging “sustainable growth of digital products and services”,’ his letter noted. His memorandum to Vaishnaw can be read as a self-described attempt ‘to help advance digital rights of Indian citizens by encouraging a rights-centric approach to (..) safeguard citizens’ personal data.’
What the Government Has Said on the New ‘Legal Framework’ So Far
In interviews, tweets, and op-eds, Vaishnaw and Chandrasekhar have suggested that the JPC’s 81 amendments to the DPB were vast and could have resulted in unwieldy legislation. In an August 7th interview with Business Line, Vaishnaw argued that ‘India is better off having specific bills focusing on specific aspects of digital technology and its usage.’
The package of laws will reportedly target four areas within India’s IT sector: telecom, privacy, social media platforms, and the Information and Technology Act, 2000 (IT Act). With both Ministers reiterating their commitment to privacy and 2017’s Puttaswamy judgment, the Privacy Bill aims to be one of the ‘cornerstones of the digital world’ and will protect personal data (while tentatively leaving aside non-personal data). These laws may cover sub-sectors like data management and safety, data governance, cybersecurity, and emerging technologies.
Given the Ministry of Electronics and Information Technology’s (MeitY) reported commitment of late to building an ‘open, safe, transparent, and accountable’ Internet for Indians, it can be expected that these laws may reflect the Ministry’s interpretation of these values too.
Both Ministers have reiterated that public consultations for the personal data protection law and the refreshed IT Act will take place soon. The laws are likely to be tabled in Parliament either in the Winter or Budget sessions.
Notably, MeitY is considering whether controversial provisions of the DPB—including data localisation requirements and the institution of a Data Protection Authority (DPA)—will make it to the new laws, as per recent reports. Ministry sources suggest that the DPA may be replaced by a grievance redressal mechanism, raising concerns over government interference in data protection complaints raised by citizens.
This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.