-Ayshwaria Lakshmi (cbedit@imaws.org)
On July 5th, the cabinet approved a draft of the Digital Personal Data Protection Bill, paving the way for India’s first privacy law. This proposed bill would be tabled in the Monsoon session of the Parliament starting July 20.
The bill was first introduced in December 2019 and was withdrawn in August 2022 after feedback from stakeholders and agencies. Later in November last year, it published a draft titled the Digital Personal Data Protection Bill 2022 and was open for feedback from the public.
Albeit late, the bill’s approval is a significant milestone in India’s journey to enhance trust in data privacy laws. The market issued over 20,000 feedbacks on the draft. Some concerns pertain to the extent of government control and powers, as well as potential content-related issues.
Several concerns remain unclear in terms of their status such as The potential impact of the bill on the existing Right to Information (RTI) Act, where the government could legally deny information sought under the RTI Act. The extensive power granted to government agencies to access citizens’ privacy data. The immaturity and unlimited nature of the executive’s powers regarding children’s data.
The Digital Personal Data Protection Bill has positive market expectations. It will create opportunities for data protection and cybersecurity companies, while larger firms can strengthen their competitive advantage. Start-ups may benefit from innovative solutions, and consumer trust in digital services is expected to improve. Compliance challenges may arise for smaller companies though there will be enough time permitted for achieving this. Monitoring developments and consulting experts is crucial for informed decision-making.
The Data Privacy Bill’s approval is a positive step, but cautionary points arise. The market seeks a balance between privacy and innovation, clarity on permissible data processing, and safeguards that promote innovation while ensuring privacy protection. Cross-border data transfers need attention, enabling legitimate flows while safeguarding personal information. Practical provisions are essential to prevent compliance challenges for businesses of different sizes.
In summary, the bill needs to strike a balance between individual data protection rights and the potential abuse of personal data by both industries and government agencies. The market is particularly concerned about the implementation of checks and balances for personal data shared with data fiduciaries. It is also on the lookout for the costs involved in implementing the bill for individual companies, and the timeframe provided to complete the implementation. Most importantly, the market wants to ensure that the bill has no adverse impact on the existing Right to Information (RTI) Act.
The market believes that the bill will adopt a judicious and balanced approach and is poised to uphold the principles of privacy protection while fostering innovation and growth.