The introduction of India’s Digital Personal Data Protection Bill, 2023, to parliament today, August 3, does far more to threaten privacy than to protect it.
As several members of Parliament opposing the Bill highlighted in India’s lower house, Lok Sabha, the Bill violates the right to privacy, grants unchecked powers to the government, and expands the scope for surveillance. The rights of 1.4 billion people in India hang in the balance.
The current draft is the most damaging one yet in terms of the unrestricted powers it grants to the government and its failure to effectively regulate private firms dealing with data. In addition to sweeping exemptions, the government has been given broad powers to block information and services on vague grounds such as “in the interests of the general public.” This draft also reflects a mutation from data protection to censorship as it empowers the proposed Data Protection Board and the government to block information without any oversight.
An effective, world-class data protection law requires core tenets: an independent regulator; actionable rights and remedies; clarity on cross-border data flows; and business certainty and meaningful accountability from all data collectors, including the government. The Bill is devoid of each of these.
Members of Parliament must ensure that the Digital Personal Data Protection Bill, 2023, does not pass without substantive amendments. Changes must make privacy the primary focus, otherwise the Bill will fail the people of India, representing a lost opportunity for the country to be a global leader with an effective, rights-respecting, and business-enabling data protection regime.