The Journey to a New Data Protection Act of India (NDPAI)-Shape of things to come

With the Government of India withdrawing the Personal Data Protection Bill 2019  with a ministerial assurance that the new draft for a “Comprehensive Perfect”, “Digital India Act” which could replace Information Technology Act 2000, PDPB 2019 as well as “Telegraph Act”, “Crypto Currency Bill” etc., the road to a new Data Protection Regime in India is now open.

The ministers and those who are politically supporting the move have been making some illogical statements to give some logic to the decision. However, the logic presented lack conviction and the truth is that the Government has been persuaded to drop the Bill by the US based Big Tech firms and supported by their Indian counterpart namely NASSCOM.

Both Mr Ashwini Vaishnaw and Mr Rajeev Chandrashekar are now making statements which look like the explanations of Sanjay Jha or Sumant Sriraman on many of the TV debates supporting Rahul Gandhi or Partho Chatterjee. Less said about these justifications, better it is.

Excuses like high cost of compliance, the non existent data localisation, too many amendments to contend with, criticism on extra constitutional powers to Government, need to modernise etc are quoted as reasons for the withdrawal of the Bill. These are the typical statements of the political spokespersons who try to defend the indefensible.

We shall therefore ignore these comments and focus only on the new draft which they promise is almost ready to be released for public comments so that they can keep the dissenting voices shut for some more time.

Yesterday we speculated that NASSCOM and Crypto Lobby were possibly behind the move to the withdrawal of the Bill which wasted 4 years of work on the bill instead of working around the suggested amendments of the 30 member JPC. This view has now been vindicated by further reports that are emerging.

We are also seeing some crocodile tears being shed by some to say that withdrawal of the bill is a set back to the citizens and their privacy.

We must accept that different ministries of the Modi Government are slowly succumbing to the pressures of lobbies for whatever reasons that could lie behind and compromising their activities. expresses its deep dissatisfaction about these developments but would as always redouble its efforts to see that we focus on what needs to be done in future rather than what mistakes have been committed in the past.

Let us therefore look at the framework of the shape of things to come…

The first task before us in the designing of the new data protection act of India (NPDPAI) is to decide whether we are looking at a “Stand alone Privacy and Data Protection Act” or an act that combines “ITA 2000”, “Non Personal Data Governance Act” and “Telegraph Act”.

Prudence indicates that “Personal Data Protection Act” has to be distinct from “Non Personal Data Governance Act”,  “Information/Cyber Security Act”, “E Commerce Act”, “Digital Signatures Act”, “Digital Data Disputes Act”, “Payment and Settlement Act”, “Communication Convergence Act” “Crypto Assets Regulation Act”, “UIADAI Act”, “Digital Copyright Act” etc.

If we try to combine all of this into a “Digital India Act”, then it will be a disaster.

We shall therefore presume that separate legislation would be required for “Privacy and Data Protection” and work on it. In case the Government opts for the Kichdi Act, the Privacy and Data Protection Act can be a chapter of the Kichdi Act.

Similarly the Non Personal Data Governance Act as envisaged under the Kris Gopalakrishna Committee could be another chapter.

Information Technology Act with its amendments combines today aspects that could have been split into Digital Contract Act, E Commerce Promotion Act, “Adjudication of Digital disputes Act” is better left out as a separate act as it deals with the basics of “Recognition of Electronic Documents”, “Definition of Digital Authentication” and “Intermediary Liability”.  However, if the Government wants to kill even this Act as it is inconvenient to the Social Media Platforms due to the recent Intermediary Guidelines and CERT-IN Guidelines, then we can look at a massive and complex law.

A Government which could not draft a simple Personal Data Protection Act (eg; Personal Data Protection Bill 2006)it would be a herculean task to design a “Comprehensive” and “Perfect” law which their utopian dream. It is possible that this is like a manifesto item in the election campaign and is only meant  to be a promise and an excuse not to make any law.

However, starts a discussion on the “Shape of Things to Come” through a series of articles that will follow.

Watch out this column…

Next article


About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.