This article analyzes the gaps and challenges in India’s Data Protection (DPDP) Bill, 2022, which is the government’s third attempt at drafting a data protection law. The analysis covers issues related to data use, limited scope, and reach of the proposed data protection board.
What is the Context?
India’s government is set to present the DPDP Bill during the ongoing monsoon session of Parliament. The bill aims to protect personal data, but it faces criticism for not addressing critical gaps that could hinder its implementation and overall effectiveness in safeguarding user privacy.
Issues around Data Use:
The DPDP Bill focuses solely on protecting personal data that can directly or indirectly identify an individual. However, in the modern data economy, entities utilize both personal and non-personal data to target and profile users. Non-personal data, when combined with other datasets, can lead to re-identification, threatening user privacy. The bill lacks provisions to penalize data-processing entities for re-identifying non-personal data as personal data. A simple solution would be to include a penal provision for such activities.
Limited Reach of Data Protection Board:
The DPDP Bill entrusts the data protection board with enforcing the law, but it can only initiate proceedings based on complaints or directions from the government or court. This limited approach does not account for users’ diminished control and knowledge over data transfers and exchanges. Users may lack resources or incentive to approach the data protection board individually, making it essential for the board to have the power to initiate complaints on its own. This approach has proven effective in other regulatory bodies like the Competition Commission of India.
Addressing these issues is vital for the successful implementation of the legislation and to ensure its relevance in the rapidly evolving digital landscape.
Conclusion and Way Ahead:
India’s data protection law must be comprehensive, future-proof, and capable of safeguarding the privacy of over 1.4 billion Indians. To achieve this, the DPDP Bill needs to address the issues related to data use and grant more authority to the data protection board. By doing so, India can create an effective data protection framework that benefits both individuals and entities.
To explore more analysis on current affairs, please visit