Industry welcomes tabling of Digital Personal Data Protection bill in Parliament

After a long wait, the Digital Personal Data Protection Bill, 2023 was presented in the Lok Sabha by Union Communications, Electronics, and Information Technology Minister Ashwini Vaishnaw introduced. The bill, which brings India closer to having its first legislation that addresses citizens' privacy and establishing guidelines for how individuals' data can be used by private or government entities, was dissented by the opposition members, but the industry has welcomed the move. 

Manish Sehgal, Partner, Deloitte India, said:  “The much-anticipated privacy bill (referred to as Digital Personal Data Protection Bill, 2023), was tabled in the Parliament. Once enacted, it will enable individuals (referred to as Data Principals) to govern their own personal (digital) data, and will drive enterprises (referred as Data Fiduciary) to process personal data of individuals in a lawful manner, for specific purposes only.”  Sehgal added: “in view of the bill’s extra-territorial coverage, enterprises based outside India serving individuals in India will also be expected to adhere to the provisions of this bill once enacted. Enterprises will have to review the current ways of working especially for the personal data of individuals such as their employees, customers, merchants, vendors, etc. to be able to honour the rights that individuals may exercise, such as the right to access, update, erase their personal data etc. Non-adherence of obligation listed in the bill may attract sanctions and commercial penalty as high as Rs 250 crore.” 

The Digital Personal Data Protection Bill, 2023 is the culmination of efforts of the Government and the Industry after multiple drafts for a standalone data protection legislation in India, and is intended to regulate all forms of personal data collected, processed and stored in the digital format and is also designed to apply to entities outside India. Jaspreet Bindra, Founder-MD, Tech Whisperer Ltd, said, “Bringing in the Digital Data Protection Bill is a very welcome step, since this is the first time there is a law to protect data protection and privacy in India. This is especially significant given that India is one of the very few countries where privacy has been declared to be a fundamental right of its citizens. The formation of the Data Protection Board and the fact that it will be housed by professionals is also very welcome.” 

The introduction of the bill faced strong opposition from the members of the opposition, who raised concerns about its potential violation of the fundamental right to privacy. They demanded that the bill be sent to the standing committee for thorough scrutiny, citing the withdrawal of a similar bill on data protection by the government last year. 

To this, Minister Vaishnaw clarified that the bill is not a money bill and assured the opposition that all issues raised will be addressed during the debate on the bill. Even the minister of State of IT, Rajeev Chandrasekhar, posted a tweet on X (formerly Twitter) sharing insights on the significance of Digital Personal Data Protection.  The government is claiming that the bill is a crucial step towards achieving the vision of global standard cyber laws for India's $1 trillion digital economy and IndiaTechade.

Amit Jaju, Senior Managing Director, Ankura Consulting Group (India) compares the bill with the European Union’s GDPR, stating there are several similarities, such as the emphasis on consent, rights of the data subject (similar to Data Principal in the Indian bill), and penalties for non-compliance. “However, there are also differences. For instance, GDPR has stricter regulations on data transfer outside the EU and has provisions for the "right to be forgotten", which allows individuals to request the deletion of their data under certain circumstances. The Indian bill, on the other hand, has a focus on the establishment of a Data Protection Board, which is not a feature of the GDPR."

Amidst support and opposition, it is only when the bill is passed in the Parliament further guidance on the implementation of the bill will released in the coming months.