'81 amendments in a bill of 99 Sections': Here's why Centre withdrew Data Protection Bill

After debating and backing the Personal Data Protection Bill for years, the government on Wednesday finally put an end to it, with a further aim to bring a fresh draft by the next Budget session of Parliament. The Centre is hopeful that the new draft will fit "into the comprehensive legal framework with reference to the suggestions made by the Joint Committee of Parliament (JCP)."

Centre's take on reversal

The government said the decision came as a parliamentary panel's (JCP's) review of the 2019 bill suggested many amendments, leading to the need for a new "comprehensive legal framework".

"Personal Data Protection Bill has been withdrawn because the JCP recommended 81 amendments in a bill of 99 sections. Above that, it made 12 major recommendations. Therefore, the bill has been withdrawn and a new bill will be presented for public consultation," said Union minister Ashwini Vaishnaw.

"Without compromising with any of the principles of privacy or with the SC judgement... we have prepared a new draft. We have completed the Parliament's process today, and we will take the new draft through the approval process very soon. Very soon, hopefully by the Budget session, we should be able to get a new law passed," the minister added.

How did the parliamentary panel react?

Members of the JPC welcomed the Centre's move to withdraw the legislation, saying it was better to bring new legislation after more than 80 amendments suggested by the panel. BJP MP P P Chaudhary, chairman of the parliamentary committee, said after so many amendments suggested by the panel, it makes more sense to bring fresh legislation which will be comprehensive and will include all suggestions made by the committee.

What was the issue with tech giants?

The 2019 law, now withdrawn, had proposed stringent regulations on cross-border data flows and proposed giving the Indian government powers to seek user data from companies. This was seen as part of the Centre's move to impose stricter regulation of technology giants.

There were concerns among Big Tech that the law could increase their compliance burden and data storage requirements.

Data misuse concerns

The Bill had also floated new proposals to regulate "non-personal data", a term for data viewed as a critical resource by companies that analyse it to build their businesses. In response, the parliamentary panel (JCP) suggested that such "non-personal data" should be included in the purview of the Privacy Bill.

To put it simply, a certain section of the now-defunct Bill had proposed the usage of personal data without the explicit consent of citizens.

It had also exempted government agencies from the law "in the interest of sovereignty of India", a step which may have allowed agencies to misuse access. This was strongly opposed by the opposition Members Of Parliament (MPs).

What IT industry association said?

India's IT industry body opined that the new draft must emphasize more on data protection along with including earlier Bill's feedback.

"India's Techade is being shaped by accelerated digitisation and policy measures that enable access and inclusion. Data is the bedrock for Digital India and the new framework for Personal Data Protection can build on the learnings from global implementation of data privacy laws and stakeholder feedback on the earlier bill. The key imperatives will be to operationalise the fundamental right of privacy and enable data protection in a manner that grows trust in data-driven businesses and allows data-led services to grow in a safe and trusted manner," Nasscom stated.