NOTE: On August 3, 2022, the Joint Parliamentary Committee (JPC) withdrew the Personal Data Protection Bill in light of a new comprehensive legal framework that the JPC is working on. Minister of Railways, Communications and Electronics and Information Technology in Government Ashwini Vaishnaw released a written statement that mentioned Parliament will be drafting a new bill that fits into the comprehensive legal framework, as the current bill had over 80 proposed amendments.

The bill was not without criticism, drawing ire from privacy advocacy groups for giving too much power to corporations, as well as tech giants Meta, Amazon, and Google having concerns over newer recommendations to the bill surrounding personal data. 

On November 22, 2021, the Joint Parliamentary Committee (JPC) adopted a draft report on India’s Personal Data Protection Bill, 2019. The decision comes after almost two years of debate and the report will now be presented during Parliament’s winter session. Shri PP Chaudhary, the Chairperson of the Joint Parliamentary Committee (‘JPC’), announced the report’s adoption on Twitter.

The report contains 93 recommendations in relation to the bill’s clauses. The bill is said to help boost the digital economy, generate employment, and enhance the ease of doing business in India as well as balancing the need for privacy and helping the Government of India deliver services to Indian citizens.

The adoption of this report is the long-awaited next big step towards India passing its own comprehensive data protection law.

What is India’s personal data protection bill?

A Personal Data Protection Bill was originally introduced in 2018, following the Indian Supreme Court’s declaration that privacy is a fundamental right in 2017. A revised version of the bill was introduced as the Personal Data Protection Bill, 2019, to the lower house of the Indian Parliament in December 2019.

The Personal Data Protection Bill, 2019 aims to introduce processes that enhance the protection of personal data in India. Specifically, the bill aims to:

• Regulate the flow and usage of personal data
• Introduce requirements for cross-border data transfers
• Protect the rights of the data subject
• Establish accountability requirements for data controllers and data processors
• Create a framework for organizational and technical measures for processing personal data
• Set out penalties for violation of the bill’s provisions
• Establish an independent data protection authority in India.
• Help to establish trust between data subjects and organizations processing personal data

What’s next for the bill?

The JPC’s report is yet to be made publicly available however, it will now be tabled at the winter parliamentary session where members of parliament will deliberate over the bill’s passing.

You can keep up to date with the bill’s progression through Parliament with OneTrust DataGuidance daily news updates.

Follow OneTrust on LinkedIn, Twitter, or YouTube for the latest on the bill.