Breach Notification , Governance & Risk Management , Privacy

India's Data Protection Bill 2.0: What Works, What Doesn't

Three experts describe areas where the bill can be improved
(From left): Justice BN Srikrishna, Khushbu Jain and Rahul Sharma

India's current Data Protection draft bill is a sea change from its earlier version. What works in the new bill and what does not work? Three experts - Justice Srikrishna, former justice, the Supreme Court of India, who headed up the earlier draft of the bill; Khushbu Jain, advocate the Supreme Court of India and Rahul Sharma, founder the Perspective, a privacy consultation firm – share their views on the practical implementation of some of the requirements of the bill.

See Also: The CISO's Response Plan After a Breach

“I am surprised that the bill states that the government can be exempted from any provision, government companies can be exempted from the scope of the bill. So your fundamental right is at the mercy of some executive who will pass an order and say he is exempted. Moreover, here the regulator is not an independent body. I am surprised that at every stage they have slowly vetted away whatever little rights individuals had in the previous version,” says Srikrishna.

For Sharma, the current draft bill is simple and not complex, but he says it has been created in a hurried manner. “This bill tries to reduce some of the complexities. It is more simple in drafting. However, in the larger context, it takes away the focus from putting users or data principals’ privacy rights at the center and then drafting the bill accordingly. This comes across as more progressive and has less burden on stakeholders.”

Jain says that to achieve simplicity, the bill has left many things vague. “There are many definitions which have been kept vague, exemptions by the government is also vague. Even on penalties, you are not making it clear.” Jain suggests that when it comes to penalties it is not fair for an Indian startup to pay the same amount as tech giants such as Google.

In a discussion with Information Security Media Group, the panelists also consider:

  • The practical challenges of implementing the bill;
  • The areas where the bill works;
  • What more needs to be done.

Jain is a practicing advocate before the Supreme Court of India and founding partner ARK Legal. She is also a public speaker, skills trainer, opinion column writer and a frequent guest on national television. She specializes in business litigation and handles legal matters around information technology.

Srikrishna is a retired judge of the Supreme Court of India. He was appointed chairperson of the Data Protection Committee that proposed a data protection framework for India. He also serves as chairperson of the Advisory Committee on Individual Insolvency & Bankruptcy.

Sharma is the founder of The Perspective, a consultancy specializing in data policy and privacy. He has more than a decade of experience working in technology, public policy, cybersecurity and privacy.

About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.