×

Personal Data Protection Bill awaits an act of faith

The bill could lose part of its name in the next JPC session

Even the smartphone industry would not keep up with the amount of re-configuring, retweaking and updating that the Personal Data Protection (PDP) Bill 2019 has gone through. The latest change, set to be discussed and cleared at the next session of its joint parliamentary committee (JPC), which is likely tomorrow, could see the word "personal" taken out of the name of the bill.

Likely to be henceforth called just the 'Data Protection Bill' once the JPC is done with it, the original PDP bill was meant to be a bulwark against Big Tech and intrusive governments poking their nose into the private online lives of ordinary citizens. Three years and some months since the original idea was set on by the powers that be, it looks very different.

The next JPC meeting is likely to clear a proposal to include 'non-personal data into its ambit, with the viewpoint that this move would help in data sharing that could lead to “economic benefits for citizens and communities in India.” This was an idea suggested by a ministry of electronics and information technology (MeitY) panel chaired by Infosys co-founder Kris Gopalakrishnan that was set up to deliberate whether non-personal data should also come under the bill. The committee gave the government the thumbs up it wanted to tweak the bill further, arguing that the change would help the government in policymaking and service delivery.

“We believe that non-personal data should be kept outside the purview of the Personal Data Protection Bill,” argues Kazim Rizvi, founder of The Dialogue, a tech policy think-tank. “We are hopeful that the final version of the Bill will be in line with the expectations and requirements of the Indian demographic, and a progressive law that protects the privacy of the user and provides an enabling environment for the growth of our digital economy.”

That remains to be seen. Originally meant to be a bill that would safeguard the digital rights and privacy of the Indian public and modelled on the European Union's GDPR Act, it has seen many tweaks almost to the contrary since it was first proposed. Justice Srikrishna, who headed the committee that came up with the broad outline of what the bill should be, was himself shocked at the final form of the original draft which was tabled in Parliament in end-2019. He alleged that the provisions rather than protecting personal rights instead gave “a blank cheque to the government".

Since then, when the tabling led to uproar from opposition parliamentarians and referred to a committee, the bill has been discussed, debated and tweaked over, perhaps more than any other parliamentary legislation in recent years. Most of these changes deviated from the fundamental idea with which the bill was conceived.