
Data Strategy Briefing — India Withdraws Personal Data Protection Bill

India withdrew its long-debated Personal Data Protection Bill on 3 August 2022, resetting the legislative process and signaling that a broader Digital Personal Data Protection Bill would follow, affecting localization and consent planning for firms operating in India.

[Figure: horizontal bar chart of credibility scores for every source cited in this briefing.]

On 3 August 2022 India's Ministry of Electronics and Information Technology (MeitY) withdrew the Personal Data Protection (PDP) Bill from Parliament, stating that a comprehensive framework would be reintroduced. The withdrawal paused anticipated localization, consent, and data fiduciary obligations, but signaled that a successor Digital Personal Data Protection (DPDP) Bill would arrive with streamlined provisions.

What changed

  • The PDP Bill, in development since 2019, was officially withdrawn, nullifying its near-term compliance timeline.
  • MeitY announced plans for a new DPDP Bill to replace the PDP proposal, indicating changes to localization mandates, consent requirements, and enforcement structure.
  • Regulators emphasized ongoing reliance on existing IT Act provisions during the legislative reset.

Why it matters

  • Enterprises paused PDP-specific implementation but needed to maintain readiness for localization and consent controls likely to reappear in the DPDP Bill.
  • Vendors handling Indian personal data had to reassess roadmap commitments and monitor for shifts in cross-border transfer rules in the upcoming bill.
  • Policy and legal teams needed to refresh stakeholder engagement plans as MeitY opened consultations for the successor framework.

Action checklist

  • Maintain inventories of data flows involving India and document current contractual safeguards for cross-border transfers.
  • Track DPDP consultations and align product requirement documents with anticipated changes to consent, children's data, and localization obligations.
  • Update internal communications to clarify that PDP-specific milestones are on hold but broader privacy governance remains in force under the IT Act.
