India Nixes Proposed Law On Data Protection

The Indian government unexpectedly withdrew a proposed bill on data protection that a panel of lawmakers had been laboring over for more than two years, saying it was working on a new law.

The abandoned legislation, Personal Data Protection Bill, 2019, would have required internet companies like Meta and Google to get specific permission for most uses of a person’s data, and would have eased the process of asking for such personal data to be erased. Countries worldwide have been adopting such steps, including in Europe with the General Data Protection Regulation.

But privacy advocates and some lawmakers complained that the bill would have given the government excessively broad powers over personal data, while exempting law enforcement agencies and public entities from the law’s provisions, ostensibly for national security reasons.

Salman Waris, a lawyer at TechLegis in New Delhi who specializes in international technology law, said the bill was “a bad draft from the inception,” because it would have given the government broad powers to store, use and control the large amounts of data it gathered on its citizens, including fingerprints and iris scans.

In a note to the parliamentary panel last year, Manish Tewari, an opposition politician from the Indian National Congress party, said the bill created “two parallel universes — one for the private sector, where it would apply with full rigor, and one for the government, where it is riddled with exemptions.”