Implementing the Personal Data Protection Bill: Mapping Points of Action for Central Government and the future Data Protection Authority in India
Dvara Research, Policy Brief, October 2019
12 Pages Posted: 24 Feb 2020
Date Written: October 3, 2019
The Central Government and the future Data Protection Authority (DPA) will face the complex task of notifying several rules and regulations in order to bring India’s Personal Data Protection Bill (the Bill) into full effect. In the absence of such regulations, even if the Bill is enacted it could have limited impact and effect. There is a pressing need for a clear blueprint of how Central Government and the DPA will work together to systematically release regulation to bring to life the provisions of the Bill. A systematic approach could prevent the ad-hoc passage of rules which could create severe disruptions in the data economy and gaps in consumer protection.
In this policy brief, we set out the actions required from Central Government and the future DPA following enactment of the Bill. These actions are sequenced in order of priority based on our analysis of the inter-linkages of sections within the Bill and the practical requirements of any data protection regime. The sequencing is aimed at ensuring that the main elements of the law come into effect without compromising consumer protections and inducing business uncertainty. This initial blueprint aims to drive forward the conversation on effective implementation, capacity and enforcement for India’s future data protection regime taking into account our unique context.
Keywords: India, Data Protection Bill, Data Protection, Consumer Protection, Policy Brief, Future of Finance, Data Protection Framework, Data Protection Authority
JEL Classification: G,
Suggested Citation: Suggested Citation