Data localisation, data fiduciary responsibility, steep fines and classification of personal and sensitive personal data were thorny issues in the first draft.
A draft of the Personal Data Protection Bill
was made public by the Ministry of Electronics and Information Technology on July 27 last year. It detailed the rules and obligations for different entities who process personal data in the country, and came under a lot of criticism for the way it proposed handling cross-border data flows.
It was opened for public consultation last year, but the Bill in its final form was not made pubic. The ministry reportedly received over 600 submissions, but none of them were made public.
The government has held several rounds of consultations with different stakeholders post the first draft, but the Bill or any modifications were not opened up for further comments.