India's Personal Data Protection Bill, which Parliament's upper house passed on Wednesday evening, is expected to become law once signed by President Droupadi Murmu. The bill had faced delays, particularly last year when it was revised to address concerns about mass surveillance and its impact on the business environment.
The long-overdue law regulates the sharing of personal information among India’s roughly one billion internet users. The country has been at the forefront of digitization, with initiatives like the Aadhaar ID system and the India Stack, which have collected citizens' personal data and established a vast digital infrastructure.
The new law sets limits on the collection and storage of data while taking a more flexible approach compared to that of the European Union's regulations. There were still concerns, however, as some opposition leaders wanted the bill to undergo further review by a committee. Additionally, one provision allows the government to bypass certain aspects of the bill in vaguely defined security-related circumstances.
Nevertheless, the law eases restrictions on companies' ability to transfer data overseas, making it more favorable for the nation’s businesses compared to previous versions. It is worth noting that the Indian Supreme Court recognized the fundamental right to privacy in 2017, and the original draft of the law was introduced in late 2019.