Having withdrawn its proposed personal data protection bill in August, the Indian government now expects to release a newly drafted bill in about a week for public comment.
It seems that, with 88 amendments suggest by a joint parliamentary committee studying the original draft – which was first presented in late 2019 – revamping the bill was seen as the only reasonable option.
India’s Economic Times says that concerns about the bill had been expressed by the non-profit Internet Freedom Foundation (a group that defends online freedom in India), which suggested that the bill gave large exemptions to government departments, prioritised the interests of big corporations, and did not adequately respect people's fundamental right to privacy, implying a potential for mass surveillance.
To complicate matters, a number of global industry bodies had also opposed the joint committee version of the bill, suggesting it would significantly degrade India's business environment and reduce foreign investment inflows.
Early indications of planned changes are that criminal penalties proposed on staff of companies involved in data breaches will be scrapped and replaced by financial penalties. These will vary in severity depending on the number of users affected.
Data localisation has been put on hold too. The government will also allow transfer of data and its storage in (so far unspecified) ‘trusted geographies’ in the revised draft.
The revised draft of The Personal Data Protection (PDP) Bill — to be renamed the Digital Data Protection Bill – will also drop provisions to regulate non-personal data and social media.