India’s Digital Protection Bill: A Milestone in Data Protection and Global Competitiveness
The Digital Protection Bill which was approved by the Cabinet on 2nd July, 2023 is a much-needed progress of the nation towards a well-designed and robust framework of law on data protection. The objective of the bill is to establish a framework for handling digital personal data that acknowledges the rights of individuals to safeguard their personal information while also recognizing the necessity to process it for legitimate reasons. This is the Prime Minister’s thoughtful drive towards ensuring and building public confidence in the digital ecosystem which shall make India’s global position more secured and efficient by attracting data-driven businesses with global data flows, and shall and facilitate harmonization with laws and regulations in other countries.
India being among the 195 countries of the world who are member of the United Nations Conference on Trade and Development (UNCTAD), has a global responsibility to shift from being among the 9% of the members of UNCTAD having draft legislations awaiting legislative validation and implementation to 71% of the countries who already have well formulated data protection regime. This Monsoon session of the Parliament shall see the most awaited move of the nation towards more economic growth and increased data sovereignty, providing the country stronger control over the data of its citizens.
India’s Personal Data Protection Bill (PDPB) takes inspiration from the General Data Protection Regulation (GDPR), of the European Union, but the Indian Model is far more comprehensive and conducive to the citizens’ right to privacy being reaffirmed as part of personal liberty in the 2017 verdict of the Constitutional bench of the Hon’ble Supreme Court namely Justice K.S. Puttaswamy (Retd.) & Anr. vs. Union of India & Ors. Post delivery of this judgment, in 2018, the Committee of Experts on a Data Protection Framework for India under the chairmanship of Justice B. N. Srikrishna submitted a report suggesting solutions on data protection-related concerns. The Justice BN Srikrishna Committee’s report suggested creating strong rules to protect people’s personal data in India. It said that personal data should include all information that can identify someone, and it is important to ask for permission and only use the data for specific legal purposes. The report also recommended giving people the right to access, correction, and data portability. It said that certain important data should be stored and processed only in India, and there should be a separate organization such as data protection authority in order to ensure compliance and accountability. The report also highlighted the need for data controllers to be responsible, and referred to the practice of considering and incorporating privacy protections right from the initial design phase of a system or technology. These recommendations were used to make and are all incorporated in the Data Protection Bill.
The Indian Law shall be at par with the emerging data protection regimes in countries like Australia, Canada, Brazil, USA, China, or Japan. A comparative prospective shall bring the fact to light that the Indian model law which shall be floated in the monsoon session is much ahead the US or Chinese Data Protection Regime as the US law primarily concerned with safeguarding an individual’s personal space from government intrusion, whereas the Chinese Personal Information Protection Law also primary focuses on misuse of personal data. The Indian law is a hybrid of all existing regimes on data privacy and comprises of the best practices of the global Law in force, compiled and edited keeping in context the filter of the spirit of the Constitution of India which has right to privacy as a fundamental right under Article 21.
The far sightedness of the Narendra Modi Government has well perceived how this effective data protection law shall enable secure cross-border data flows, facilitate international trade, collaborations, and innovation, and shall also provide a solid foundation for the growth of data-driven industries to establish their headquarters in India leading to innovative products, economic advancement, and leadership in digital markets.
The current Data protection bill after being passed into a legislative enactment shall also improve cybersecurity by protecting personal data, important infrastructure, and national security. As the bill follows international data protection standards, India can also work together with other countries, share data, and achieve global respect and recognition. The date protection regime if formulated shall also give people control over their personal information, making them feel empowered and promoting trust and honesty. Above all, the steps taken by the present government towards formalizing the bill into an Act depicts India’s progress on the path of constitutionalism under the transformational leadership of Hon’ble Prime Minister Narendra Modi. Overall, this law can help the country become a global leader in data protection, attract partnerships with other countries, and create a thriving digital environment.
This comprehensive bill, if approved by the Parliament, would take the place of the existing Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules that were introduced in 2011 and for the first time the legislative history of India shall find a globally competitive umbrella legislation on data protection which is the need of the hour.
Article is written by Dr. Guru Prakash Paswan and Ruchi Singh, Both the authors are Assistant Professors, PG Department of Law, Patna University
