A senior India government official said it plans to move forward “as quickly as possible” with new legislation governing the internet after abruptly scrapping a long-awaited, controversial personal data protection bill last week.
Rajeev Chandrasekhar, India’s minister of state for electronics and information technology, also pushed back against criticism from technology groups such as Meta and Google, which had complained about the draft bill’s compliance costs and some of its provisions, including a requirement that companies store data locally in India.
“Big Tech have gotten used over the past decade to little or no regulation, little or no scrutiny, and they got away with things they should not have gotten away with,” Chandrasekhar told the Financial Times. “Governments around the world were asleep at the wheel.”
India’s regulatory push comes after the EU passed landmark laws earlier this year that are expected to set the global standard for how large online platforms such as Amazon and Facebook must operate. The US is among the countries considering similar legislation, as regulators around the world crack down on the market power of the world’s biggest tech groups.
Chandrasekhar said tech companies were protesting “basically any form of scrutiny and regulation because they had seen nothing before”.
“That train has left the station — New Delhi station — and Big Tech have to get used to the fact that openness, safety and trust and accountability, which are the boundary conditions around which we are making policies, those boundary conditions are here to stay,” he added.
After five years of discussions about how to protect online users’ data, Narendra Modi’s government last week withdrew the personal data protection bill, which had received more than 90 amendments and recommendations from lawmakers.
India, the world’s largest democracy, has roughly 800mn internet users, a number its government estimates will grow to 1.2bn by 2026. However, its IT legislation has failed to keep up with a growing digital economy involving both local start-ups and global tech groups, as well as increasing concerns over users’ privacy, freedom of speech and the impact of technology apps on human rights.
Work on the draft began after India’s Supreme Court recognised privacy as a fundamental constitutional right in a 2017 ruling on a case challenging the government’s Aadhaar digital ID system.
Alongside tech companies’ complaints about the bill, which was drafted in 2019, privacy advocates had warned that it would have given authorities carte blanche to access users’ data in areas deemed matters of national security.
Chandrasekhar said the government would now put forward a “much more focused data protection and privacy bill”, amend or redraft its 22-year-old IT act and propose a broad national data governance framework policy that would deal with artificial intelligence, non-personal data and data sets. India might also table a cyber security bill, he added.
“We want to do it as quickly as possible,” he said. “We don’t want to disrupt the momentum that we have today in terms of start-ups and the innovation ecosystem for growth.”
With regard to human rights groups’ privacy concerns, Chandrasekhar said any legislation would give the state “the right to intervene and seek out information about a particular citizen” in cases involving areas such as law enforcement, national security, terrorism, pandemics or natural disasters.
“That will be considered as a reasonable exception to the fundamental right” of privacy, he added.