The New deadline for Data Protection Act is Budget Session 2023

According to this news report in NDTV profit, the Minister of IT Mr Ashwini Vaishnaw has stated that he is hopeful of the new data protection bill to be passed in the next budget session. It is stated that the draft is in final stages and would be released for public comments soon.

According to the statement Mr Vaishnaw is reported to have said

“Without compromising with any of the principles of privacy or with the SC judgement… we have prepared a new draft. We have completed the Parliament’s process today, and we will take the new draft through the approval process very soon. Very soon, hopefully by the Budget session, we should be able to get a new law passed,”

Minister of State for Electronics and IT Rajeev Chandrasekhar reportedly has said the government would develop a comprehensive framework covering all aspects of the digital economy with dedicated rules for data privacy, emerging technologies, and data governance framework.

If the report is to be believed, the next version of the bill will be a comprehensive legislation along with the Information Technology Act, National Data Governance framework.

On several occasions, Mr Rajeev Chandrashekar has stated that ITA 2000 is 20 years old and needs a comprehensive amendment.

We can therefore expect a combination of ITA 2ooo, current PDPB 2019 and the Non Governance data Governance framework as suggested by the Kris Gopalakrishna Committee.

If some body thinks that this will be less complex than the PDPB 2018/2019/DPA 2021, then we should see a miracle in the making.

The objective of ITA 2000 was to enable E Commerce and prevent Cyber Crimes besides setting up a system of quick grievance redressal through adjudication.

The Objective of PDPB2019 was to protect the Right to Privacy as per the Supreme Court definition of Privacy and the objective of DPA 2021 was broader to include some aspects of Non personal data protection.

Now it is intended that “Protection of Non Personal Data”, “Governance of Non Personal Data”, “Protection of Privacy through personal data protection” will all have to be combined in one single legislation.

The regulator of ITA 2000 (CERT-IN) is focussed on Cyber Security and regulator of PDPB 2019 was focussed on Personal Data Protection. The Non Personal Data Governance on the other hand is not a “Protective duty”. It is a promotion of monetization of Non Personal Data which goes with the promotion of E Commerce under ITA 2000 which was one of the objectives of ITA 2000.

The Government is again trying to create a mixture of “Promotion” and “Protection” into one law and one regulator which will introduce several challenges.

While we shall wait for the Government to release its draft for public comments, we intend developing a draft legislation so that it can address all the stated objectives of the Government.  There is no doubt that the Government is not expecting any assistance from the private sector in designing the law, but it is our duty to place our reasonable suggestions before the Government drafting committee so that the process of legislation can be speeded up.

From time to time, I will share the work in progress through these columns.


About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.