Prior to withdrawing it in August last year, the government had, in December 2021, referred the Personal Data Protection Bill, 2019—which was criticised for being in favour of the government—to a Joint Parliamentary Committee instead of sending it to the Parliamentary Standing Committee on Information Technology, which was then headed by Congress MP Shashi Tharoor.
As then chairperson of the committee—he was removed from the post in October last year—and even later, Tharoor had raised many uncomfortable questions on contentious issues like the data protection bill, internet shutdowns, Pegasus snooping row, whistleblower allegations of government forcing Twitter to hire its “agent”, etc.
In an interview, Tharoor talks about why the data protection bill has not been tabled in Parliament. Edited excerpts:
Why is India unable to have a robust data privacy act?
Tharoor: The issue is the government’s preparedness and its political will, both of which have been deficient over the last few years.
As the former chairperson of Parliament’s Standing Committee on Communications and Information Technology, what kinds of bottlenecks did you face? Why is the data protection bill not getting through in Parliament?
Tharoor: When I was the chairperson, which I no longer am since September, the government chose to respond to our repeated requests for a data protection bill by referring it instead to a Joint Select Committee, which would be chaired by a BJP member rather than by me, an opposition MP. That committee sought repeated extensions and finally returned with a draft bill which the government was not comfortable with. They preferred to withdraw it altogether and produce a new draft. All of this caused years of delay.
Since it was the UPA government which began work on Aadhaar, the data privacy bill should have been ideally passed then.
Tharoor: You forget that thinking on such issues has evolved recently and there was no such demand before 2014 when we left office. Can you name a single country that had a credible data protection bill before then? Even the European Union General Data Protection Regulation (GDPR) was adopted only in 2016.
There is talk that the IT Act will change with the proposed Digital India Act. There is already a law on intermediary platforms. What kinds of discussions have taken place in the standing committee and what do you think its impact will be?
Tharoor: The Standing Committee had repeatedly requested the government to undertake a comprehensive revision of the IT Act, 2000, which is significantly out of date. A new act, under whatever name, would be welcome.
The government is going aggressive on regulating digital economy. But there is no clear roadmap on managing data used by it. What should be the right approach to hold the government accountable?
Tharoor: There must be a neutral authority that could hold the government accountable for its decisions, missteps and overreach. The government prefers to have officials ruling on appeals against decisions made by other officials. That simply will not do.