India scraps privacy bill following big tech outcry

India's parliament building at sunset
(Image credit: Getty Images)

India has withdrawn its controversial data protection and privacy bill that caused alarm among big tech companies, with the aim of developing a new law instead.

The Personal Data Protection Bill, first proposed in 2019, contained rules on cross-border data flows, and considered allocating the Indian government powers to obtain user data from companies, as reported by Reuters.

A government notice declared yesterday the decision was due to a parliamentary panel review of the proposed law, which suggested making a number of amendments. Because of the changes involved, the notice said there was a need for a new comprehensive legal framework, sparking the government into plans to present fresh legislation.

The government had already begun drafting the new bill, which is in its advanced stages. The finer details of the bill and how it differs will be published very soon, the IT minister Ashwini Vaishnaw told Reuters.

He added the government is aiming to get the bill approved and made into law by early 2023 during the parliament’s budget session, which usually runs between January and February.

Originally, the 2019 privacy bill aimed to protect Indian citizens and create a data protection authority, but caused concern among big tech companies, as they were worried it could increase their data storage and compliance burden requirements.

When asked whether stakeholders will be consulted on the new bill that's in development, Vaishnaw said the process won’t be that long as the parliamentary panel that reviewed the previous bill had already completed the process of gathering industry feedback.

The Indian government’s approach to privacy forced WhatsApp to file a lawsuit in May 2021 in a bid to block regulations that would compel the Facebook-owned company to break privacy requirements for its users. The case declared that the country’s new internet laws violate privacy rights in the country’s constitution as it requires social media companies to identify the "first originator of information" when authorities demand it.

Additionally, India’s cyber security rules were criticised by the Internet and Mobile Association of India (IAMAI) in June 2022, with the critics saying it would create an environment of fear rather than trust. The technology industry body, which represents organisations such as Google and Facebook, called for a one-year delay before the rules were set to take effect.

Zach Marzouk

Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.