The Government of India introduced a new digital privacy bill in the Lok Sabha, the lower house of India’s Parliament, on Thursday after withdrawing a similar privacy bill last year. The Digital Personal Data Protection Bill, 2023 was introduced over privacy concerns voiced by opposition leaders, who argued that the bill should be submitted to the Lok Sabha’s Standing committee for an in-depth review.
The bill aims to prohibit cross-border data transfers, penalize firms for data breaches and establish a framework for establishing a data protection authority to enforce compliance. The third of its kind, this bill comes six years after the Supreme Court declared privacy a fundamental right. The last iteration of the bill, known as the Personal Data Protection Bill, 2019, was withdrawn by Parliament in August 2022, possibly because a Joint Parliamentary Committee Report suggested 81 amendments to the previous bill.
A draft of the current bill was shared for consultation in December 2022. While the draft had provisions that would protect the fundamental right to privacy, it lacked multiple privacy safeguards. Minister of State for Electronics and Information Technology, Rajeev Chandrasekhar said that the newly introduced bill will safeguard all citizens’ rights, promote innovation, and give the government lawful and authorised access to deal with catastrophes like pandemics and earthquakes.
The bill outlines the rights and obligations of users as well as the responsibilities of businesses in order to regulate and protect the use of personal data. The bill requires businesses to disclose what information is being collected and why it is being collected and to grant users the right to delete or modify their personal information.
While the government believes that the bill fulfils today’s privacy requirement time and strikes a balance between individual privacy and data exchange, there are looming concerns about state surveillance and major privacy violations by businesses. The bill grants the “State and its instrumentalities” a wide range of exemptions. Personal data may be processed, for example, “to fulfil any legal obligation” or “in the interest of the sovereignty and integrity of India or the security of the State.”