Four Years And Counting: Wait For The Data Protection Law

Justice (retd) B N Srikrishna speaks at a panel discussion on the Personal Data Protection Bill. (Source: Software Freedom Law Center)

Four Years And Counting: Wait For The Data Protection Law

In 2019, India had around 451 million internet users, second only to China and estimated to cross a billion by 2025.

In the context of the Aadhaar case and associated privacy concerns the government committed to legislation protecting personal data even as it objected to privacy being counted among fundamental rights.

That was four years ago.

The wait has been a tedious one. A report by a committee headed by retired Justice BN Srikrishna formed the basis of the government’s bill but with several tweaks. The legislation was then sent to a 30-member Joint Parliamentary Committee whose report is yet to see the light of the day. And now, a cabinet reshuffle that has taken away five members of the JPC, including the chairperson.

Any member in the event of becoming a minister loses their seat on the committee, explains Chakshu Roy of PRS Legislative.

That necessarily does not stop the working of the committee but when the position of the chairperson is vacant and the report has not been finally adopted by the committee, then the committee will need a new chairperson to steer the report to submission to the House.
Chakshu Roy, PRS Legislative

Data Protection Law: The Tedious Journey

The Srikrishna committee report and the draft copy of the bill was presented to the Ministry of Information and Technology in July 2018.

The government made certain tweaks to the committee’s version and introduced the Personal Data Protection Bill in the parliament in December 2019.

The changes included some contentious issues such as:

  • Wide exemptions granted for the state’s use of data.

  • No judicial member in the selection committee which will make appointments to the Data Protection Authority

  • Narrowing the list of offences under the law.

  • Watering down the requirements of data localisation.

The bill presented by the government saw criticism both inside and outside the parliament.

This is nothing but giving a blank cheque to the State to say ‘you write whatever you want on that, signature is already there’, Justice Srikrishna had said in March 2020. He had also called the bill a step towards an Orwellian State. The opposition, too, attacked the government for a growing "snooping industry".

In December 2019, on the same day of its introduction, the bill was sent to the 30-member Joint Parliamentary Committee.

What’s Taking The JPC So Long?

The deadline for the JPC to submit its report was set at the 2020 budget session, which after a few extensions became the upcoming monsoon session.

In December 2020, former JPC member and now a minister Rajeev Chandrasekhar offered a glimpse into the working of the committee. At an event, Chandrasekhar said that there were over 50 meetings of the committee, which was going to redraw the bill as the bill in itself was not working.

Supratim Chakraborty, partner at law firm Khaitan & Co., among those the IT Ministry sought comments from before the final version of the bill was introduced in the Lok Sabha, said a law of this nature does take time in deliberations.

It is important to remember that the bill has seen a lot of public debate and it can be safely presumed that the same must have happened in the committee meetings. Provisions such as data localisation or the composition of the data protection authority are contentious issues and the committee would have gone into detailed deliberations on these issues.
Supratim Chakraborty, Partner at Khaitan & Co.

The pandemic hasn’t helped either, he said.

But that has prompted opposition leaders like Congress Party's Jairam Ramesh to question why the JPC meetings were not being conducted online.

The JPC has proposed 89 amendments to the government’s version of the bill. But the final report has not reached the members as yet.

Last month, former IT Minister Ravi Shankar Prasad reportedly said that the committee had submitted the report and he was looking forward to presenting the bill in the monsoon session.

This drew sharp criticism from Ramesh and his party colleague Manish Tewari. Ramesh expressed surprise at the minister getting the report even though it was not presented to the members. Tewari raised the question of delay in the report being presented to the members. Prasad later clarified that he was yet to receive the report.

The Cabinet Reshuffle Problem

The latest round of cabinet expansion has led to five members of the JPC joining the Prime Minister Modi's Council of Ministers. These include the Chairperson Meenakshi Lekhi, Ashwini Vaishnaw, Ajay Bhatt, Rajeev Chandrasekhar and Bhupender Yadav. After the cabinet reshuffle, Ramesh once again took to Twitter to express his unhappiness that the report had yet to reach the members.

The vacancies do not mean that the committee will have to start work afresh, Roy said.

There has been delay but the more important thing is to ensure that the civil society’s concerns are adequately addressed, says Raman Chima, lawyer and senior international counsel with Access Now.

Lok Sabha Speaker Om Birla after the cabinet reshuffle said that the committee will not get an extension, which indicates the report is to be submitted in the upcoming Monsoon session of the parliament which begins July 19.

In the best-case scenario, Supratim said, India could have a data protection law by the winter session of the Parliament but realistically speaking, it’ll be early 2022.

BQ Install

Bloomberg Quint

Add BloombergQuint App to Home screen.