-Ayshwaria Lakshmi (cbedit@imaws.org)
On July 5th, the cabinet approved a draft of the Digital Personal Data Protection Bill, paving the way for India’s first privacy law. This proposed bill would be tabled in the Monsoon session of the Parliament starting July 20.
The bill was first introduced in December 2019 and was withdrawn in August 2022 after feedback from stakeholders and agencies. Later in November last year, it published a draft titled the Digital Personal Data Protection Bill 2022 and was open for feedback from the public.
Consultations took place with various organisations, associations and industry bodies. This approval of the Bill is the first step to adopting much-awaited data privacy legislation. “Legislations usually take an iteration or two to be perfect to meet the market needs. In view of the larger public concerns, these are laws and regulations that protect individual data rights, just like the GPDR in the EU zone, PDPC in Singapore and others. It is important to restrict personal identification from being easily available to scamsters,” said Jawahar Kanjilal, Founder, Streamz.ai, an AI-led SaaS solution company.
He further added that India’s IT industry having worked with EU and US clients understand the need for data protection. He is also hopeful that DPDP will take into consideration safe authorised regions outside India for data storage. “The approval of the Data Privacy Bill by the Indian Cabinet is a significant step in recognizing the importance of data protection. The bill aims to align India’s data protection laws with global standards and empower individuals to have better control over their data. This development represents a positive step in the establishment of a comprehensive legal structure to safeguard data privacy in India,” said Akshay Garkel, partner and cyber lead at Grant Thornton Bharat.
Albeit late, the bill’s approval is a significant milestone in India’s journey to enhance trust in data privacy laws. The market issued over 20,000 feedbacks on the draft. Some concerns pertain to the extent of government control and powers, as well as potential content-related issues.
Several concerns remain unclear in terms of their status such as The potential impact of the bill on the existing Right to Information (RTI) Act, where the government could legally deny information sought under the RTI Act. The extensive power granted to government agencies to access citizens’ privacy data. The immaturity and unlimited nature of the executive’s powers regarding children’s data.
The Digital Personal Data Protection Bill has positive market expectations. It will create opportunities for data protection and cybersecurity companies, while larger firms can strengthen their competitive advantage. Start-ups may benefit from innovative solutions, and consumer trust in digital services is expected to improve. Compliance challenges may arise for smaller companies though there will be enough time permitted for achieving this. Monitoring developments and consulting experts is crucial for informed decision-making.
“The government should prioritise transparency by clearly communicating which suggestions have been implemented and which ones have not. Currently, personal data, including Aadhaar numbers, is shared with multiple service-rendering agencies without adequate control, leading to potential misuse. The bill should ensure the protection of citizens’ privacy and data not only from profit-making agencies but also from government agencies,” said Sivaramakrishnan N, Vice President – Infosec, M2P Fintech.
The Data Privacy Bill’s approval is a positive step, but cautionary points arise. The market seeks a balance between privacy and innovation, clarity on permissible data processing, and safeguards that promote innovation while ensuring privacy protection. Cross-border data transfers need attention, enabling legitimate flows while safeguarding personal information. Practical provisions are essential to prevent compliance challenges for businesses of different sizes.
Robust enforcement and meaningful penalties are necessary to ensure accountability and deter non-compliance. Addressing these concerns will enhance data protection practices, fostering trust in India’s digital ecosystem. “The Data Privacy Bill for Healthcare is not very specific as it is in western countries. Healthcare needs a lot more data privacy. Even today, there are a lot of matters related to the data that are still not clear and have no control over the sharing of data. I also believe Ayushman Bharat Digital Mission would add value to this Bill. But there is a need for more rigorous data privacy legislation as far as healthcare is concerned. The market is cautious towards what this approved bill would have related to this segment,” said Biju Velayudhan, Chief Information Officer at the Coimbatore-based G. Kuppuswamy Naidu Memorial Hospital.
In summary, the bill needs to strike a balance between individual data protection rights and the potential abuse of personal data by both industries and government agencies. The market is particularly concerned about the implementation of checks and balances for personal data shared with data fiduciaries. It is also on the lookout for the costs involved in implementing the bill for individual companies, and the timeframe provided to complete the implementation. Most importantly, the market wants to ensure that the bill has no adverse impact on the existing Right to Information (RTI) Act.
The market believes that the bill will adopt a judicious and balanced approach and is poised to uphold the principles of privacy protection while fostering innovation and growth.
THIS ARTICLE IS POWERED BY
