India passes data protection bill amid surveillance concerns

The new law has drawn criticism from opposition lawmakers and rights groups over the scope of exemptions, weakening gov’t accountability.

A statue of Mahatma Gandhi sits between the old and new Parliament House buildings on the opening day of the monsoon session of the Indian parliament, in New Delhi, India
Experts say the new law will allow government agencies to access user data without consent [File: Manish Swarup/AP Photo]

Indian lawmakers have passed a data protection law that will dictate how tech companies process users’ data amid criticism that it will likely lead to increased surveillance by the government.

The law, passed on Wednesday, will allow companies to transfer some users’ data abroad while giving the government power to seek information from firms and issue directions to block content on the advice of a data protection board appointed by the federal government.

The Digital Personal Data Protection Bill, 2023 gives the government powers to exempt state agencies from the law and gives users the right to correct or erase their personal data.

The new legislation comes after India withdrew a 2019 privacy bill that had alarmed tech companies like Facebook and Google with its proposals for stringent restrictions on cross-border data flows.

The law proposes penalties of up to 2.5 billion rupees ($30m) for violations and noncompliance.

However, it has drawn criticism from opposition lawmakers and rights groups over the scope of exemptions, including weakening the landmark Right To Information law — passed in 2005 — that allows citizens to seek data from public officers, such as salaries of state employees.

“It jeopardizes privacy, grants excessive exemptions to the government, and fails to establish an independent regulator,” digital rights group Access Now said in a statement, adding that the new law will enhance the government’s control over personal data and increase censorship.

Several opposition lawmakers and digital experts say the legislation would allow the government and its agencies to access user data from companies and personal data of individuals without their consent as well as collect private data in a country where digital freedoms have been shrinking since Prime Minister Narendra Modi took office in 2014.

The Internet Freedom Foundation, a digital rights group, has also said that the law does not contain any meaningful safeguards against “over-broad surveillance”, while the Editors Guild of India has said it affects press freedom and dilutes the Right to Information law.

In the days before the bill was passed into law, the Editors Guild of India raised concerns, saying it “creates an enabling framework for surveillance of citizens, including of journalists and their sources”.

Rajeev Chandrasekhar, India’s deputy minister for information technology,  has said that the law will protect the rights of all citizens, allow the innovation economy to expand, and permit the government legitimate access in the case of national security and emergencies like pandemics and earthquakes.

Source: Al Jazeera and news agencies