In a recent development, the Union Cabinet gave its nod to the Draft Digital Personal Data Protection Bill (DPDP), 2022. The approval came with significant changes, including lowering age of consent for data processing and providing exemptions for some companies. Anticipated to become India’s principal data governance framework, the bill was proposed six years after the Supreme Court declared privacy as a fundamental right.
Following this, three additional laws have been proposed in the IT and telecommunications sectors to provide a framework for the rapid growth of the digital ecosystem. They include the Digital India Bill, Indian Telecommunication Bill, 2022, and Non-Personal Data Governance Policy.
Expected Changes in the DPDP Bill
One of the major changes expected in the bill is the lowering of the age of consent for data processing from 18 years to a more flexible approach. The bill is also expected to redefine ‘child’ and grant exemptions to certain entities dealing with children’s data. Another significant shift is the relaxation of norms on cross-border data flows.
Global Regulations on Data Governance
Data governance regulations differ across various jurisdictions. For instance, the General Data Protection Regulations (GDPR) of the European Union (EU) has a comprehensive data protection law focusing on personal data processing. In the United States, there is no comprehensive set of privacy rights or principles similar to EU’s GDPR, instead, it has limited sector-specific regulation. China, on the other hand, has the Personal Information Protection Law (PIPL) that provides new rights to Chinese individuals to protect their personal data.
Challenges of Data Governance in India
Data governance in India faces several challenges. These include insufficient awareness about data protection, weak enforcement mechanisms, lack of standardization, and inadequate safeguards for sensitive data such as health and biometric data.
Current Scenario of Data Governance in India
The landscape of data governance in India is currently regulated by the IT amendment Act, 2008, Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021, and the proposed ‘Digital India Act’,2023 intended to replace the IT Act, 2000. Other important data governance developments include Justice K. S. Puttaswamy (Retd) vs Union of India 2017 and B.N. Srikrishna Committee 2017.
The Way Forward
Going forward, the government should prioritize data protection and create an independent data protection board with parliamentary or judicial oversight for effective data governance and enforcement. It’s imperative to strike a balance between stringent data protection regulations and fostering innovation to avoid stifling creativity and impeding cross-border data flows.
Previous Year Questions (PYQs) Related to the Topic
In the UPSC Civil Services Examination, several questions have been asked related to the topic of data governance. For instance, in 2021, a question was posed about the constitutional article that protects ‘Right to Privacy’, with the correct answer being Article 21. Another question from 2018 asked candidates to identify the parts of the Constitution that correctly imply that ‘Right to Privacy’ is an intrinsic part of ‘Right to Life and Personal Liberty’. The correct answer here was Article 21 and the freedoms guaranteed in Part III.
Last Modified: February 22, 2024