“There is wide divergence on the proposed bill,” one of them said. “Most ministries have expressed concerns and want a thorough examination.”
Stakeholder ministries and departments made clear their reservations about proceeding with the bill in its present form at a meeting called by the Prime Minister’s Office last week.
A detailed presentation on the legislation was made at the meeting attended by Prime Minister’s principal secretary Nripendra Misra, Niti Aayog chief executive officer Amitabh Kant, Department for Promotion of Industry & Internal Trade (DPIIT) secretary Ramesh Abhishek, telecom secretary Aruna Sundararajan and IT secretary Ajay Sawhney.
The official said there is a growing view that data protection needed to be handled with caution given rapidly changing technology dynamics.
No Representation from Global Tech Giants
ET had reported on July 24 that the bill would be watered down in a bid to try and salvage it. The IT ministry will again hold consultations on the bill with representatives of civil society, tech industry executives, lawyers and scientists to seek their views.
“However, all the members will be Indians who will discuss how to guarantee privacy of Indian users. The consultations will not have any representation from any of the global tech giants or anyone representing any foreign interest,” said a person aware of the discussions.
The BN Srikrishna committee on data privacy had recommended last year that “critical” personal data should only be stored in India, raising the hackles of the US tech giants, which would have to set up facilities locally to abide by such rules. This has added to trade frictions with the US, which has been lobbying against such changes.
A key point raised at the meeting of the inter-ministerial panel related to public and private data, said another person aware of the matter.
“One member raised a question on why the bill did not cover the crucial issue of public data and whether the matters regarding public data and private data should be looked at holistically,” he said.
Allowing the use of public, anonymised data had first been outlined in the draft ecommerce policy, but was later dropped by the commerce ministry that said the IT ministry will frame rules on the matter.
The person added that the committee was informed that the bill would only address individual privacy and the matter of public data would be dealt with once rules on the former are in place.
“In fact, it was communicated that the issue regarding entire public data could then be dealt by the data authority which would be established once the bill is passed as a law,” the person said. “Another member raised a concern of why the draft PDP (Personal Data Protection bill) was being considered at this point of time at all.”
The members were told that the aim was not to monetise personal data but to protect the privacy of individuals that was being encroached upon by technology companies without users realising what they had signed up for.
Another question raised was whether there was any provision to bring back “critical” data that had already left Indian shores, something which is not covered in the proposed bill, as it cannot be implemented.