According to the latest news reports, the long-awaited Personal Data Protection Bill, 2018  is likely to be introduced in the Indian Parliament in coming June after general elections get over, as per a leading daily.

The Bill was planned to be put in action and supposed to be placed before the Parliament in the current winter session by the Government. According to MeitY, multiple changes vetted in the Bill have now been incorporated in a draft and was sent to Union Ministry of Law. Sources indicate that the Bill was not placed in the current session of Parliament which ends on January 8 and nor will it be tabled in the budget session.

On July 27, 2018, a ten-member expert committee chaired by retired Indian Supreme Court Justice BN Srikrishna on data protection framework in India submitted a 176-page report with a draft bill entitled, “The Personal Data Protection Bill, 2018 to MietY after which another round of public consultation, which attracted almost 600 sets of feedback which included that of the US government too.

The first version of the privacy bill was drafted in 2010 and since then, multiple versions and drafts have been prepared, none of which have seen the light of day. Experts believe that India’s data protection bill draft lacks key pointers and does not address some of the key issues also. Data Ownership has been one of the important concerns that have been completely ignored till now.

The proposed Data Protection Bill 2018 puts individual consent imperative to data sharing. The bill asserts the right to privacy is a fundamental right and unless the users have given their explicit consent, their personal data will not be shared or processed. The bill’s mandate on data localisation is one of the most awaited and watched provisions by tech companies in abroad.

The panel on data protection which prepared its report and the drafted bill,  recommended that a copy of all personal data must be stored in India, while all information of a critical nature is kept at the local level.

The Srikrishna committee had left it to the government to define critical personal data. But the government was in view that sector regulators and relevant departments would get to define what constitutes sensitive personal information.

As per the drafted bill, both citizens and internet users will have the final say on how and for what purpose their personal data can be used, and they will have the right to withdraw consent. In certain conditions, there will also be the option of  ‘right to be forgotten’ that has been included in the draft.

Source: Analytics India