Skip to main content

Changes to India’s privacy bill could cause trouble for Facebook, Google and others as proposals include government powers to request user data to help forge policies.

The Personal Data Protection Bill, circulated to parliament members on Tuesday and reviewed by Reuters, was keenly awaited by top technology companies as it could affect the way they process, store and transfer Indian consumers’ data.

The bill’s latest version introduces a provision empowering the government to ask a company to provide anonymized personal data, as well as other non-personal data, to help target the delivery of government services or formulate policies.

The bill defines “personal data” as information that can help identify a person and has characteristics, traits and any other features of a person’s identity. Any other data is non-personal, the bill said, without elaborating.

“For companies, even non-personal data is wealth and such a legal provision is likely to cause panic at big technology companies,” said Supratim Chakraborty, a partner specializing in data privacy at Khaitan & Co.

Defending the move, a senior Indian government official said such data was “also wealth for the society”, citing an example that data from a company like ride-hailing business Uber could help the government understand public transport constraints and further develop the local train network.

“The bill doesn’t say this data will need to be given free ... subsequent rules will offer clarity on payment for such data,” the official added.

The bill will be presented in parliament soon, but won’t be passed in the current session that concludes on Dec. 13 as a panel will likely review it further, Reuters reported last week.

The bill also said large social media platforms should be required to offer a mechanism for users to prove their identities and display a verification sign publicly, a move that would raise a host of technical issues for companies including Facebook, WhatsApp, and the Chinese app TikTok.

“Sensitive personal data”, which includes financial and biometric data, could be transferred outside India for processing, but must be stored locally, the bill said.

The privacy bill is part of India’s broader efforts to tightly control the flow of data and is seen helping government agencies for investigations. U.S. firms have lobbied against such data rules around the world, fearing increased compliance costs.

On Tuesday, Internet company Mozilla said the bill’s exceptions for government to use data and proposed verification of social media users represented “new, significant threats to Indians’ privacy”.

“If Indians are to be truly protected, it is urgent that the parliament reviews and addresses these dangerous provisions before they become law.”

Related Articles

Other News

HKIAC opens 2nd mainland rep office in Beijing

by Asian Legal Business《亚洲法律杂志》 |

The Hong Kong International Arbitration Centre (HKIAC) has officially opened its Beijing Representative Office, becoming the first offshore arbitration institution to establish a presence in the Chinese capital.

Other News

Milbank becomes 2nd U.S. law firm to shutter mainland office in a week

by Hu Yangxiaoxiao 胡阳潇潇 |

U.S. law firm Milbank has confirmed to ALB that it will close its Beijing office, which has been operating for 18 years. This makes it the second top-tier U.S. law firm, after Paul, Weiss, to announce its intention to call time on its mainland operations this week.

Other News

SUBMISSIONS OPEN: ALB Firms to Watch (Singapore) 2025

by Asian Legal Business《亚洲法律杂志》 |

Submissions open for ALB Firm to Watch (Singapore) list. The list will highlight the law firms with a more compact partner structure or focused practice in the country. The list will be published in the January/February 2025 issue of ALB Asia.