India's government scraps Personal Data Protection Law

The three year old proposed bill would have enabled the government to gather user data from companies and restricted sharing personal data without consent.

The government of India has scrapped its proposed Personal Data Protection Bill. The bill, proposed in 2019, would have enabled the government to gather user data from companies while regulating cross-border data flows. It also included restrictions on sharing of personal data without explicit consent, proposed establishment of a new Data Protection Authority within the government, and more.

Telecom minister Ashwini Vaishnaw tweeted that the bill was scrapped because the Joint Committee of Parliament (JCP) recommended 81 amendments to the Bill's 99 sections. "Therefore the bill has been withdrawn and a new bill will be presented for public consultation," said Vaishnaw.

Cybersecurity expert Ilia Kolochenko, Founder of ImmuniWeb and a member of the Europol Data Protection Experts Network has spoken out following the news. He said: “Fostered by the success of GDPR, many countries around the globe started implementing national legislation to protect the personal data of their residents. Brazil, South Africa and some states in the US may serve as good examples of GDPR-inspired legislation. The sudden pandemic, however, stringently halted implementations of new privacy legislation in many other countries, as lawmakers and governments were struggling with unprecedented emergencies.

"Today, amid the unfolding economic slowdown, we should expect more efforts aimed to rescue economies, while postponing privacy protection for later. The Personal Data Protection Bill, if implemented, would likely have caused considerable financial hardship for technology companies and other businesses across the country. Proper enforcement and policing of its provisions across the country would likely also be cost-prohibitive. Thus, the decision of the Indian government is, of course, regrettable but is perfectly understandable if regarded through the prism of economic well-being of the country amid the economic turbulence.”

Data protection in India 

According to global law firm Linklaters, India has not yet enacted a specific legislation on data protection. However, the Indian legislature did amend the Information Technology Act which gives a right to compensation for improper disclosure of personal information. The Indian Central Government subsequently issued the Information Technology Rules, 2011. The Rules have imposed additional requirements on commercial and business entities in India relating to the collection and disclosure of sensitive personal data or information which have some similarities with the GDPR and the Data Protection Directive.  

India has introduced a biometric based unique identification number for residents called ‘Aadhaar’. Aadhaar is regulated by the Aadhaar Act and rules and regulations issued thereunder. Entities in regulated sectors such as financial services and telecom sector are also subject to obligations of confidentiality under sectoral laws which require them to keep customer personal information confidential and use them for prescribed purposes or only in the manner agreed with the customer.

Personal data in the country is protected through indirect safeguards developed by the courts under common law, principles of equity and the law of breach of confidence. 



Featured Articles

Gary Merrill: Who Is Commvault’s First-Ever CCO?

Experiencing a period of rapid growth, Commvault have created the new position of CCO and given it to company veteran and former CFO Gary Merrill to lead

Xalient's Stephen Amstutz on Need for Cyber Staff Wellness

Stephen Amstutz, Director of Innovation at Xalient explains why cyber staff are getting stressed and what can be done to help

Worldwide IT Outage Not Cyber Attack - But Software Update

The global IT outage that is being described as one of the biggest ever is thankfully not being attributed to a cyber attack, but rather a software update

Companies Across Cyber Sphere Warn of Surge in DDoS attacks

Cyber Security

UK Takes Steps to Strengthen Country's Cyber Security

Cyber Security

BlueVoyant Launch Platform to Tackle Supplier Attack Surface

Operational Security