Skip to main content

Changes to India’s privacy bill could cause trouble for Facebook, Google and others as proposals include government powers to request user data to help forge policies.

The Personal Data Protection Bill, circulated to parliament members on Tuesday and reviewed by Reuters, was keenly awaited by top technology companies as it could affect the way they process, store and transfer Indian consumers’ data.

The bill’s latest version introduces a provision empowering the government to ask a company to provide anonymized personal data, as well as other non-personal data, to help target the delivery of government services or formulate policies.

The bill defines “personal data” as information that can help identify a person and has characteristics, traits and any other features of a person’s identity. Any other data is non-personal, the bill said, without elaborating.

“For companies, even non-personal data is wealth and such a legal provision is likely to cause panic at big technology companies,” said Supratim Chakraborty, a partner specializing in data privacy at Khaitan & Co.

Defending the move, a senior Indian government official said such data was “also wealth for the society”, citing an example that data from a company like ride-hailing business Uber could help the government understand public transport constraints and further develop the local train network.

“The bill doesn’t say this data will need to be given free ... subsequent rules will offer clarity on payment for such data,” the official added.

The bill will be presented in parliament soon, but won’t be passed in the current session that concludes on Dec. 13 as a panel will likely review it further, Reuters reported last week.

The bill also said large social media platforms should be required to offer a mechanism for users to prove their identities and display a verification sign publicly, a move that would raise a host of technical issues for companies including Facebook, WhatsApp, and the Chinese app TikTok.

“Sensitive personal data”, which includes financial and biometric data, could be transferred outside India for processing, but must be stored locally, the bill said.

The privacy bill is part of India’s broader efforts to tightly control the flow of data and is seen helping government agencies for investigations. U.S. firms have lobbied against such data rules around the world, fearing increased compliance costs.

On Tuesday, Internet company Mozilla said the bill’s exceptions for government to use data and proposed verification of social media users represented “new, significant threats to Indians’ privacy”.

“If Indians are to be truly protected, it is urgent that the parliament reviews and addresses these dangerous provisions before they become law.”

Related Articles

Q&A with Edwin Northover, Debevoise & Plimpton LLP

Debevoise & Plimpton LLP won the Insurance Law Firm of the Year award at the ALB Hong Kong Law Awards 2024, apart from being the sponsor of the Insurance In-House Team of the Year award. Edwin Northover, Asia-based corporate partner and head of the firm’s financial institutions and corporate practices in Asia, talks about the firm's recent achievements, trends in the insurance industry, and future outlook for insurance law in Hong Kong.

Kramer Levin and Herbert Smith Freehills plan latest law firm mega-merger

by Reuters |

U.S. law firm Kramer Levin Naftalis & Frankel and global legal giant Herbert Smith Freehills are planning to merge to create a firm with more than 2,700 lawyers, according to a joint statement on Monday.

Tokyo International makes Singapore debut with SE Asia in its sights

by Sarah Wong |

Japanese boutique Tokyo International Law Office (TKI) is set to establish its first overseas outpost with the opening of a Singapore office in January 2025, marking a significant milestone in the rapidly expanding firm's global strategy.