GoI’s withdrawal of the Data Protection Bill has been accompanied by a promise that a draft of a new bill would be shared for public consultation. It is noteworthy to recall that five years was consumed by the work on the now scrapped draft legislation. Such a long gestation period for any legislation doesn’t speak well for governance, especially in a technology-related domain like ownership, processing, storage and transfer of personal data.
There are a number of key stakeholders in this arena. Firstly, there are citizens whose private data must be secured in line with the fundamental right to privacy recognised by the Supreme Court. Then there are private tech companies that are amassing vast amounts of personal data through their business operations. A balance has to be struck here between helping companies grow their business and their technological prowess vis-a-vis national and individual interests. Then there is the government which assumed, in national interest and for tackling criminality, large powers under the drafts finalised in 2019 and 2021 over control of personal data and would have called the shots over the Data Protection Authority that the legislation conceived.
Harmonising the interest of these three groups was never going to be an easy task. Though everyone welcomed the right to privacy judgment, the opposition found the draft bill as propounded by the joint committee of parliament alarming enough to shoot off dissent notes. GoI’s new effort must try to factor in suggestions from the public consultation process and ensure that a bill is tabled that can pass political, judicial and civil society scrutiny. It is a tough task but it can be done.
END OF ARTICLE