India Passes Data Protection Legislation in Parliament. Critics Fear Privacy Violation

Indian lawmakers Wednesday approved a data protection legislation that “seeks to better regulate big tech firms and penalize companies for data breaches” as several groups expressed concern over citizens’ privacy rights.

The legislation will limit cross-border transfer of data and provide a framework for setting up a data protection authority to ensure compliance from tech companies, Information Technology and Telecom Minister Ashwini Vaishnaw said.

Several opposition lawmakers and digital experts say the legislation would allow the government and its agencies to access user data from companies and personal data of individuals without their consent as well as collect private data in a country where digital freedoms have been shrinking since Prime Minister Narendra Modi took office in 2014.

Digital experts also fear that the legislation will weaken the landmark Right To Information law — passed in 2005 — that allows citizens to seek data from public officers, such as salaries of state employees.

“It jeopardizes privacy, grants excessive exemptions to the government, and fails to establish an independent regulator,” digital rights group Access Now said in a statement, adding it will enhance the government’s control over personal data and increase censorship.

The upper house of Parliament passed the Digital Personal Data Protection bill which would later be signed by the country’s ceremonial president, a formality, before becoming law. It was passed by the lower house of the Parliament on Monday.

The legislation is the government’s third attempt to pass such legislation and comes nearly six years after India’s top court ruled that privacy is a fundamental right of every citizen — a landmark judgment that was widely hailed as a win for individual freedom.

Earlier drafts of the legislation had raised similar concerns.

Proponents of the legislation have long been saying a data protection law is necessary for a country like India where financial fraud and data leaks are rampant, adding that it could act as a crucial step to protect people’s information from commercial and political exploits.

In 2021, India introduced sweeping regulatory laws that have put social media companies and digital platforms under direct government oversight. Modi’s government said it was needed to quell misinformation and hate speech and to give users more power to flag objectionable content. Critics of the law, however, said the law would lead to online censorship in India, particularly on social media platforms like X, previously known as Twitter.

Related: India Claims It Foiled Chinese Cyberattack on Disputed Border

Related: Indian Cyberspies Expose Their Operation After Infecting Themselves With RAT

Related: India-Linked Threat Actor Involved in Spying, Planting Evidence