Data Protection Bill: Formulation and empowerment of the enforcement authority must be done right
Personal data protection in India has been neglected for too long.
The Union Cabinet has given its approval to the Digital Personal Data Protection (DPDP) Bill today, multiple reports have confirmed. The aim of the bill is to protect the data of citizens and hold accountable business entities handling the same.
Notably, personal data protection in India has been neglected for too long. My personal data was leaked in Domino's Pizza breach as well as Big Basket Breach back in 2020, but in the absence of a personal data protection bill, these organizations could not be held to account for their inability to secure customer data.
While the European Union has adopted GDPR and enforced it very diligently, India has been way behind. The various versions of data protection bills have been in circulation for the last 5 years, and eventually now a version seems to be on its way to be tabled in the Parliament.
Having read this bill, I am a bit disappointed that it is rather watered down. It is simplified to an extent from previous versions, but seems to have given too much exception to the state.
Also, the actual details are omitted often leaving a lot of the provisions subject to interpretation by the government in power.
The bill also spells out penalty for non-compliance to be levied by a data protection board to be constructed after the bill is notified. However unless such a board is empowered properly, none of the penalty provisions can be really imposed.
In summary, the bill being approved by the Cabinet is no guarantee of protection of personal data unless the formulation of the enforcement authority is done right and empowerment of such authority is done properly and the authority is headed by the right people.
Sandeep Shukla is a professor in the Dept of Computer Science and Engineering at the Indian Institute of Technology-Kanpur (IIT-Kanpur).
Note: The views expressed by the author are his own and not necessarily those of HT Tech.