India's updated data protection Bill would provide more scope to access citizen data

It will also require companies to gain consent to access citizen data.
Written by Campbell Kwan, Contributor on

India has revealed an updated version of its draft data protection laws that, if passed, would allow the Indian government to compel companies to provide it with anonymised personal data.

Unveiled over a year ago, the draft laws will finally be introduced into Indian Parliament on Wednesday morning by Shri Ravi Shankar Prasad, the Minister of India's Ministry of Electronics and IT (MeitY).

The latest version of the Personal Data Protection Bill 2019 would allow the government to direct companies to hand over the anonymised personal data and non-personal data of citizens. It would also give the government the power to directly collect citizen data without consent so long as it serves the public interest, as well as provide it with the discretion to exempt an entity or department from any part of the law.

"Critically, this latest Bill is a dramatic step backward in terms of the exceptions it grants for government processing and surveillance," said Jochai Ben-Avie, Mozilla's head of international public policy said in a blog post.

While the draft laws envision making it easier for the Indian government to access citizen data, it also seeks to place more accountability on how companies handle citizen data. 

Not unlike Europe's General Data Protection Regulation, the Bill would require companies to gain consent to collect personal data from Indian citizens, while also giving citizens the power to demand for their data be erased, corrected, or updated.

It would also see restrictions be placed around the collection of children's personal data, requiring companies to verify a child's age and obtain consent from the child's parent or guardian in order to collect the personal data of children.

Another rule proposed by the Bill is that it wants "social media intermediaries" to implement a mechanism that would allow citizens to voluntarily provide their identities. According to the Bill, anyone who voluntarily verifies their social media account would be provided with a visible mark of verification. If this were to come into force, social media companies would need to add a new verification feature onto the Indian versions of their platform. 

The Bill has also been updated so that critical personal data can be transferred outside of India so long as it continues to be stored in India, which would make it easier for foreign companies like Amazon and Google to access Indian data. 

The original draft [PDF] of the Bill had recommended that a copy of all data be stored locally on Indian servers while critical data itself could only be in India. This change in stance occurred as MeitY was reportedly lobbied by senior executives from a host of US companies, such as Google and Facebook, to try and tweak the Bill in their favour. 

India is also proposing the creation of a new entity, called the Data Protection Authority (DPA), that would "promote good practices of data protection and facilitate compliance". Compared to the original draft of the Bill however, the current version would see the scope of people that appoint the members of the DPA be limited. In the original draft, the appointment committee was to be comprised of people from executive, judicial, and external expertise, while the current version will see the DPA be chosen by only members of the executive.

The Bill will be discussed in Parliament over the coming weeks. 

Related Coverage

Trump's plans to throttle the H-1B and OPT could upend the supply of US tech talent

These sweeping changes, if implemented, could change the face of US technology.

India puts WhatsApp's impending payments service on ice due to data localisation fracas

Both the security breach by Pegasus malware and WhatsApp's reluctance to adhere to India's data localisation norms have caused it to sit on the sidelines of one of the hottest digital payments markets in the world.

Facebook accused of being 'megaphone for hate' in northeastern India

Facebook's pathetically low number of content moderators, as well as the total incapability of its artificial intelligence in throttling hate speech on its platform, means that a human rights disaster of epic proportions may be just around the corner.

In India, Apple is facing the classic dilemma of pricing vs. brand image (TechRepublic)

Saritha Rai discusses Apple's delicate balance of maintaining premium branding while offering customer-friendly pricing and gaining market share in India.

How Chinese phonemakers have destroyed Indian ones like Micromax

With 5G around the corner, Indian phone makers will have to pull off a miracle in product design if they are to compete with the Chinese.

Editorial standards