India's government scraps Personal Data Protection Law

The three year old proposed bill would have enabled the government to gather user data from companies and restricted sharing personal data without consent.

The government of India has scrapped its proposed Personal Data Protection Bill. The bill, proposed in 2019, would have enabled the government to gather user data from companies while regulating cross-border data flows. It also included restrictions on sharing of personal data without explicit consent, proposed establishment of a new Data Protection Authority within the government, and more.

Telecom minister Ashwini Vaishnaw tweeted that the bill was scrapped because the Joint Committee of Parliament (JCP) recommended 81 amendments to the Bill's 99 sections. "Therefore the bill has been withdrawn and a new bill will be presented for public consultation," said Vaishnaw.

Cybersecurity expert Ilia Kolochenko, Founder of ImmuniWeb and a member of the Europol Data Protection Experts Network has spoken out following the news. He said: “Fostered by the success of GDPR, many countries around the globe started implementing national legislation to protect the personal data of their residents. Brazil, South Africa and some states in the US may serve as good examples of GDPR-inspired legislation. The sudden pandemic, however, stringently halted implementations of new privacy legislation in many other countries, as lawmakers and governments were struggling with unprecedented emergencies.

"Today, amid the unfolding economic slowdown, we should expect more efforts aimed to rescue economies, while postponing privacy protection for later. The Personal Data Protection Bill, if implemented, would likely have caused considerable financial hardship for technology companies and other businesses across the country. Proper enforcement and policing of its provisions across the country would likely also be cost-prohibitive. Thus, the decision of the Indian government is, of course, regrettable but is perfectly understandable if regarded through the prism of economic well-being of the country amid the economic turbulence.”

Data protection in India 

According to global law firm Linklaters, India has not yet enacted a specific legislation on data protection. However, the Indian legislature did amend the Information Technology Act which gives a right to compensation for improper disclosure of personal information. The Indian Central Government subsequently issued the Information Technology Rules, 2011. The Rules have imposed additional requirements on commercial and business entities in India relating to the collection and disclosure of sensitive personal data or information which have some similarities with the GDPR and the Data Protection Directive.  

India has introduced a biometric based unique identification number for residents called ‘Aadhaar’. Aadhaar is regulated by the Aadhaar Act and rules and regulations issued thereunder. Entities in regulated sectors such as financial services and telecom sector are also subject to obligations of confidentiality under sectoral laws which require them to keep customer personal information confidential and use them for prescribed purposes or only in the manner agreed with the customer.

Personal data in the country is protected through indirect safeguards developed by the courts under common law, principles of equity and the law of breach of confidence. 



Featured Articles

How secure is sensitive data stored in the cloud?

A Cloud Security Alliance (CSA) survey has found 67% of organisations store sensitive data in public cloud environments, but how secure is it?

CYBER LIVE LONDON: Day 2 highlights of the hybrid tech show

We take a look at highlights of the different stages at the Tech Live London show, including insights from Claroty, SalesForce and Oracle

TECH LIVE LONDON: An overview of the hybrid technology show

We take a look at the first day of Tech Live London with insights from technology leaders from companies such as IBM, Microsoft and Vodafone

Does a cashless society mean higher risk of fraud?

Cyber Security

5 minutes with Gary Brickhouse, CISO of GuidePoint Security

Cyber Security

CTO at Passbolt explains the importance of password managers

Application Security