After a number of delays, India has finally proposed a set of rules for data protection laws. While the proposed legislation could place restrictions on how companies like Facebook and Twitter use information from India’s 600 million internet users, it also risks balkanizing the internet with the types of government controls seen in countries like China.

According to the new rules, which were leaked on Tuesday, the Indian government would require technology companies to garner consent from users before collecting and processing their personal data. A newly proposed government agency, the Data Protection Authority, will write specific rules, monitor how companies are applying them and mediate to settle disputes.

While the bill, dubbed the “Personal Data Protection Bill 2019,” addresses long standing needs for data protection in India, it also posits more worrying concerns about authoritarian overreach by the government.

According to the current draft, which is expected to be debated by lawmakers over the next few weeks, the rules would allow the government to “exempt any agency of government from application of Act in the interest of sovereignty and integrity of India, the security of the state, friendly relations with foreign states, public order.”