Centre withdraws Personal Data Protection Bill, 2019: Will present new legislation, says IT minister Ashwini Vaishnaw

NEW DELHI: The Centre on Wednesday withdrew the Personal Data Protection Bill, 2019, in the Lok Sabha. The Bill was introduced in 2019 and had been referred to a joint parliamentary committee, which had proposed 81 amendments.
Union Minister for Electronics and Information Technology Ashwini Vaishnaw moved a motion in the Lok Sabha to withdraw the Bill on Wednesday. The motion was passed with a voice-vote and the bill was withdrawn.

Vaishnaw said that keeping in mind the amendments, a bill that fits into a 'comprehensive legal framework' would be presented later.
Tech giants opposed bill
The bill had become a bone of contention between the government and tech giants, which had lobbied against many provisions in the legislation.
Congress leader Manish Tewari tweeted: "Most unfortunate, Personal Data Protection Bill, 2019, as amended by Joint Committee of Parliament is being withdrawn by Govt. For full two years ... MPs across parties worked to better it. Big Tech never wanted this Law. Big Tech won. India lost."

What was the bill?
In 2017, the Supreme Court recognised the right to privacy as a fundamental right within the ambit of the Constitution. The top court had directed the Centre to come up with a data protection framework for the country.
The Personal Data Protection Bill was then introduced in India’s parliament on December 11, 2019. It set the rules for how personal data should be processed and stored, and lists people’s rights with respect to their personal information. It also proposed to create an independent Indian regulatory authority called the Data Protection Authority, to carry out this law. The bill also set grounds for exemption.

A Joint Parliamentary Committee was then set up to study the provisions of the bill and give its recommendations.
Main provisions
The bill defined three different categories of data -- personal data, sensitive personal data, and critical personal data. Each category has its own separate obligations and regulatory requirements. Indian companies as well as foreign companies dealing with data of Indian citizens would have had to comply with the law.
If the Bill had been passed, businesses would have to tell users about their data collection practices and seek customers’ consent.
They would have to collect and store evidence of the fact that such notice was given and consent was received. Because the bill gave consumers the right to withdraw their consent, businesses would also have to come up with systems to allow consumers to do so.
In essence, the bill gave consumers the right to access, correct, and erase their data.
The legislation also stated that “sensitive personal data” must be stored in India and that “critical personal data” which includes any data notified by the Central Government to be critical, cannot be transferred out of India.
The bill notably exempted any government agency from any of the provisions of the Bill. The government also has the power to demand non-personal data and anonymised personal data from data fiduciaries for the benefit of various government services.
Congress leader Manish Tiwari had said the bill creates two parallel universes — one for the private sector where it would apply with full rigour and one for the Government where it is riddled with exemption.
(With inputs from agencies)