In this digital age where companies can track every byte of information, India's PDP Bill 2019 aims to give citizens the right to control their data. The Bill defines personal data as any information about or relating to a natural person who is directly or indirectly identifiable and linked to any characteristic, trait, attribute, or other identifying feature, whether online or offline.
Personal Data Protection (PDP) Bill has been forming a tangible guarantee of the right to privacy years after the Supreme Court of India recognised it as a fundamental right. Tabled in 2019 by former Electronics and Information Technology Minister Ravi Shankar Prasad, the Bill seeks to regulate the collection and storage of data. Since then, the Joint Parliamentary Committee (JPC) that was set up to deliberate on it has recently adopted the draft report on the Bill. However, to understand the bigger picture, one must examine data localisation and protection.
Recommended ArticlesView All
View | Pakistan Election: Will Imran Khan's changed tack from long march to resignations to snap poll work?
IST5 Min(s) Read
View | G20 Presidency: India can shape global Web3 narrative
IST6 Min(s) Read
PDP Bill 2019: Causes, Provisions, Consumer Reaction
In this digital age where companies can track every byte of information, India's PDP Bill 2019 aims to give citizens the right to control their data. Modelled after the California Consumer Privacy Act and the General Data Protection Regulation (EU), two noteworthy pieces of legislation from different parts of the world have given citizens more control over their data.
It aims to protect a user's rights in terms of how data is processed via –
The Bill defines personal data as any information about or relating to a natural person who is directly or indirectly identifiable and linked to any characteristic, trait, attribute, or other identifying feature, whether online or offline. The implementation of this Bill as the law will be undertaken by a central Data Protection Authority (DPA).
When it comes to people's expectations of the Bill, the findings of a survey conducted by Tsaaro, a data protection-as-a-service provider, indicate the popular mood. When respondents were asked whether they agreed with the proposed provision of inculcating data localisation concerning organisations operating outside India, 70 percent of them agreed to the provision.
While 93 percent agreed that social media platforms will now have to adhere to Indian privacy laws, many respondents felt that the existing provisions are insufficient compared to the technology progression. They felt that once the Bill is enacted, there should be a given time within which the organisation must ensure compliance, a retrospective application of provisions and an agreement on data localisation as a must for social media channels operating in India.
Decoding the need for Data Localisation
We can trace the initial push for data localisation to the RBI's interventions on securing India's financial data within its borders. As the digital economy booms, there are four key concerns over the free flow of data –
Concerning national security, it gets difficult for Indian law enforcement agencies when the personal data of Indian citizens is not stored in the country. The Justice Srikrishna Committee report says that personal data access to law enforcement agencies is also a key reason for data localisation. It explicitly cites the local data storage to facilitate faster access to data for law enforcement agencies.
The issue around national security came into the limelight when fake news circulating on WhatsApp in various parts of India resulted in mob violence against innocent individuals. In such cases, police needed information on the origin and content of the messages, which were (and continue to be) encrypted. The Indian government wants to employ greater regulatory supervision over social media platforms which data localisation would enable. It will also enable local IT businesses to innovate and compete with large technology firms. As per McKinsey, India is the fastest-growing digital economy, and the IT and Communications sectors are expected to double in size by 2025.
India also continues to be the fastest-growing market for mobile and digital banking. Financial institutions and fintech start-ups are likely to benefit from localised, cost-effective cloud services and data storage providers, who can protect their sensitive financial data from identity fraud and other digital breaches.
The PDP Bill 2019 and data localisation can give further stimulus to India's surging cloud and data centre industry, witnessing massive growth due to the explosion of data brought about by pandemic-induced lockdowns and remote working. The government's 'Digital India' mission and focus on self-reliance and data localisation have also played a pivotal part in India's booming data centre and cloud market. Data localisation is also significant in protecting Indians from foreign surveillance. And lastly, data localisation would enable India to maximise the economic potential of the vast troves of personal data it generates for its progress.
A step towards securing India's future
The PDP Bill 2019 and data localisation will eventually combine to bring economic benefits in terms of tax revenue to the government and employment opportunities. An increase in data capacity will also support industries such as content, software development, AI/ML, robotics, etc. Digital companies earn by selling profiled data and advertisements; these data revenues can also generate tax revenues for the Indian government.
India's stance on data localisation and protection offers the opportunity to scale up investments in emerging technologies and drive public-private partnerships (PPP) to expand our role as one of the world's foremost technology providers and secure the future of our sovereign republic.
—Sunil Gupta is the co-founder and CEO of Yotta. Views expressed are personal.