India\u2019s Personal Data Protection Bill 2019 \u2013 after having been thoroughly analysed and deliberated upon by a 28-member joint parliamentary committee over 66 sittings \u2013 is expected to be tabled in the upcoming budget session commencing on 29 January.However, it\u2019s unlikely the country will see the bill being passed and notified to become an act, dashing hopes of citizens and companies expecting the imminent rollout of India\u2019s first dedicated privacy and data protection law.\u201cThe Personal Data Protection Bill may be tabled in this budget session, but getting notified if tabled will take some more time,\u201d said cyber and privacy law expert, Advocate (Dr.) Prashant Mali.Furthermore, doubts about the bill being passed were raised at Carnegie India\u2019s\u00a0Global Technology Summit\u00a0last month, when a member of the joint parliamentary committee, Rajeev Chandrasekhar, said that the current version of the bill will not be approved. He hinted that the bill will have to be redrawn as the committee, after 52 sittings at that point in time, was still not in agreement.From pillar to postThe bill, which started its journey close to two-and-a-half years back as the Personal Data Protection Bill 2018, was drafted following the review and recommendations of the Srikrishna Committee report. The bill was finally approved on 4 December of the following year, and renamed the Personal Data Protection Bill 2019.Since then, a joint parliamentary committee\u2014comprising 19 members of the Lok Sabha (lower house of the parliament) and 9 members of the Rajya Sabha (upper house)\u2014has held 66 sittings, 32 of which were allotted for \u201cclause by clause consideration\u201d, according to the Parliament of India website.After the final sitting on 29 December the chairperson of the joint parliamentary committee, Meenakshi Lekhi, told The Economic Times that the final draft of the data protection bill includes 89 amendments and one new clause. This comes after the joint parliamentary committee, with recommendations from various experts and stakeholders reached a common consensus on all aspects of the draft.What\u2019s the holdup and what needs fixingA fundamental roadblock that\u2019s prevented unanimous agreement on the Personal Data Protection Bill (PDPB) stems from the debate around privacy.Article 21 of the Constitution of India states that privacy is a fundamental right. This though, is currently in contention with two sections of the PDPB: First, Section 35, which gives the central government the authority to exempt certain agencies from the bill\u2019s provisions for purposes of national security and public order. The second is Section 91, which permits the government to access anonymised and non-personal data gathered by private data fiduciaries.However, \u201cnational security\u201d is a broadly-defined term and can be cited by the government to carry out surveillance on citizens, Saikat Datta, a visiting fellow with Observer Research Foundation\u2019s National Security Programme, said at a recent roundtable conducted by the Internet and Mobile Association of India.\u201cInformation is power: This should be the bedrock for any privacy and data regulation act. The PDPB attempts to create a balance between the power of the people and the government, but we do not have a concrete definition of what is national security. Section 35 is not well-defined,\u201d he said, adding: \u201cSurveillance will continue to exist and the PDPB will do very little to protect citizens\u2019 rights.\u201d Prashant Mali\u201cExemptions citing \u2018national interest\u2019 should not extend to the entirety of the PDP bill.\u201d \u2013 Advocate (Dr.) Prashant Mali, cyber and privacy law expertMali too believes in taking a more nuanced approach. When it comes to addressing privacy, he said, the data protection bill should not attempt to paint in broad strokes: \u201cNational interests may in some cases override an individual\u2019s interest in privacy. Exemptions citing \u2018national interest\u2019 should not extend to the entirety of the PDP bill and must be limited to specified portions. Exemptions must be granted under the authority of law, as opposed to blanket executive orders,\u201d he said.Why PDPB matters to India Inc.The last draft of the Personal Data Protection Bill that was approved by the cabinet in December 2019 states that company executives found violating privacy and data protection guidelines could face up to three years\u2019 imprisonment and a penalty of up to \u20b9150 million.Additionally, Clause 40 of the bill mandates every data fiduciary to appoint a Data Protection Officer (DPO) \u2013 a trend that could spark a flurry of new appointments, especially among rapidly-growing fintech companies and food ordering and delivery platforms.Vinayak Godse, Vice President of the Data Security Council of India, took a slightly more optimistic point of view than Datta at the Internet and Mobile Association round table, saying that the bill will serve to create trust in users\u2019 minds, and that this could get more users to turn to digital media. He added that banks have started setting up divisions to overlook PDP norms.Furthermore, he predicts RegTech (regulation technology) will come into focus and data anonymization could prove to be a great tool for companies to use.