India's government scraps Personal Data Protection Law

The three year old proposed bill would have enabled the government to gather user data from companies and restricted sharing personal data without consent.

The government of India has scrapped its proposed Personal Data Protection Bill. The bill, proposed in 2019, would have enabled the government to gather user data from companies while regulating cross-border data flows. It also included restrictions on sharing of personal data without explicit consent, proposed establishment of a new Data Protection Authority within the government, and more.

Telecom minister Ashwini Vaishnaw tweeted that the bill was scrapped because the Joint Committee of Parliament (JCP) recommended 81 amendments to the Bill's 99 sections. "Therefore the bill has been withdrawn and a new bill will be presented for public consultation," said Vaishnaw.

Cybersecurity expert Ilia Kolochenko, Founder of ImmuniWeb and a member of the Europol Data Protection Experts Network has spoken out following the news. He said: “Fostered by the success of GDPR, many countries around the globe started implementing national legislation to protect the personal data of their residents. Brazil, South Africa and some states in the US may serve as good examples of GDPR-inspired legislation. The sudden pandemic, however, stringently halted implementations of new privacy legislation in many other countries, as lawmakers and governments were struggling with unprecedented emergencies.

"Today, amid the unfolding economic slowdown, we should expect more efforts aimed to rescue economies, while postponing privacy protection for later. The Personal Data Protection Bill, if implemented, would likely have caused considerable financial hardship for technology companies and other businesses across the country. Proper enforcement and policing of its provisions across the country would likely also be cost-prohibitive. Thus, the decision of the Indian government is, of course, regrettable but is perfectly understandable if regarded through the prism of economic well-being of the country amid the economic turbulence.”

Data protection in India 

According to global law firm Linklaters, India has not yet enacted a specific legislation on data protection. However, the Indian legislature did amend the Information Technology Act which gives a right to compensation for improper disclosure of personal information. The Indian Central Government subsequently issued the Information Technology Rules, 2011. The Rules have imposed additional requirements on commercial and business entities in India relating to the collection and disclosure of sensitive personal data or information which have some similarities with the GDPR and the Data Protection Directive.  

India has introduced a biometric based unique identification number for residents called ‘Aadhaar’. Aadhaar is regulated by the Aadhaar Act and rules and regulations issued thereunder. Entities in regulated sectors such as financial services and telecom sector are also subject to obligations of confidentiality under sectoral laws which require them to keep customer personal information confidential and use them for prescribed purposes or only in the manner agreed with the customer.

Personal data in the country is protected through indirect safeguards developed by the courts under common law, principles of equity and the law of breach of confidence. 



Featured Articles

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

See Below for a Newly Announced Speaker List for Tech Show London 2024, as it Promises to Showcase Technology Trends Will Impact Various Sectors

Darktrace predicts AI deepfakes and cloud vulnerabilities

Darktrace reveals its top predictions for AI and cybersecurity developments in 2024, which include AI worms, hallucinations and cloud concerns

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI

IT and OT security with Ilan Barda, CEO of Radiflow

Cyber Security

QR ‘Quishing’ scams: Do you know the risks?

Application Security