The new law has drawn criticism from opposition lawmakers and human rights groups over the scope of the exceptions and weakened government accountability.
Indian lawmakers have passed a privacy law that will dictate how tech companies handle user data, despite criticism that it is likely to lead to increased government surveillance.
The law, passed on Wednesday, will allow companies to port some users’ data abroad, while giving the government powers to solicit information from companies and issue instructions to block content, on the advice of a federally-appointed privacy committee.
The Digital Personal Data Protection Act 2023 gives the government the power to exempt state agencies from the law and gives users the right to correct or delete their personal data.
The new legislation comes after India withdrew a 2019 privacy law that had alarmed tech companies like Facebook and Google with its proposals for severe restrictions on data flows across borders.
The law provides for penalties of up to 2.5 billion rupees ($30 million) for violations and non-compliance.
However, it has drawn criticism from opposition lawmakers and human rights groups over the scope of the exceptions, including the weakening of the landmark 2005 Right to Information Act, which allows citizens to obtain data from officials, such as civil servants’ salaries.
“It jeopardizes privacy, grants the government excessive exemptions and fails to create an independent regulator,” digital rights group Access Now said in a statement, adding that the new law will strengthen government control over personal data and increase censorship .
Several opposition MPs and digital experts say the legislation would allow the government and its agencies to access companies’ user data and individuals’ personal data and collect private data without their consent in a country where digital freedoms have been restricted since Prime Minister Narendra Modi took office in 2014.
The Internet Freedom Foundation, a digital rights group, has also said the law lacks meaningful safeguards against “over-surveillance,” while the Editors Guild of India has said it harms press freedom and waters down the Right to Information Act .
In the days leading up to the law’s passage, the Editors Guild of India raised concerns, saying it creates “a conducive framework for monitoring citizens, including journalists and their sources”.
Rajeev Chandrasekhar, India’s deputy information technology minister, said the law will protect the rights of all citizens, allow the innovation economy to expand, and give the government legitimate access in cases of national security and emergencies such as pandemics and earthquakes.