The Union Cabinet on Wednesday approved the Data Protection Bill clearing decks for it to be introduced in the Monsoon Session of Parliament, PTI reported.

This is the second attempt by the Centre to frame legislation for protection of data and comes nearly six years after the Supreme Court had unanimously declared the right to privacy a fundamental right of all Indians.

The lack of a law means that there are no checks and balances in how the government and private companies collect and use a person’s data. This becomes a concern at a time when there has been an increase in data breaches in India.

An official from the Ministry of Electronics and Information Technology told The Print on Wednesday that the government has received over 21,000 comments on the draft bill that had been floated in November. “We consulted with about 48 organisations...we have drafted the bill in a manner that it stands the test of time even as the technology keeps changing,” the official said.

However, the details of the Bill remain confidential and the Narendra Modi government has refused to share comments that it has received from civil society and government bodies on the draft in response to Right to Information requests, The Hindu reported.

The draft was released after the Centre withdrew an earlier version from Parliament in August after nearly four years of the Bill being in the works. It had raised concerns among big technology companies such as Facebook and Google as it could increase their compliance burden and data storage requirements.

Former Supreme Court judge BN Srikrishna, who led a committee that came with the first draft of the Personal Data Protection Bill, had said that the November draft is fundamentally flawed as it would allow the executive to “act capriciously and infringe on the fundamental right of privacy of personal data”.

The retired judge added that the draft law can exempt all government departments and institutions from its provisions. “That is a dangerous situation and [a] clear invitation to the executive to act arbitrarily,” he had warned.

Section 18(2) of the Bill states that the government can provide exemptions for the processing of data by “any instrumentality of the State in the interests of sovereignty and integrity of India, security of the State, friendly relations with foreign States, maintenance of public order or preventing incitement to any cognisable offence relating to any of these”.

Exemptions given to the Centre and its agencies have been retained in the bill despite the concerns of experts, according to The Indian Express.

The Data Protection Board of India, which will be entrusted with ensuring compliance with the regulations and imposing penalties on violators, has also been retained. “A penalty of Rs 500 crore would apply in case of data breaches,” an official told The Hindu.

Also read:

  1. Ten instances show how the digital data protection bill will undermine the RTI Act
  2. Mandatory sign-up, word limit: The many hurdles in offering feedback on the data protection bill