The draft data privacy law surprises with its simplicity
It’s now been over a decade that I’ve been waiting for a data protection law. Over that time, I have on numerous occasions (and with misplaced enthusiasm) assured colleagues around the world that a law was imminent. Each time, I’ve had to sheepishly eat my words when the then current draft was either re-written or withdrawn—to the point where this has become a standing joke in the international round-tables and conferences that I attend.
And yet, when I heard that the Digital Personal Data Protection Bill has been listed as one of the items of business to be taken up in the 12th Session of the 17th Lok Sabha commencing later this week, I couldn’t help feeling more hopeful than I have at any previous time in the past 10 years. The very first draft of a data protection law I worked on was in 2012 when the government was looking to establish a privacy framework to support the Aadhaar identity project. That draft did not, for various reasons, make it to Parliament, but several of the concepts contained within it got incorporated directly into the Unique Identification Authority of India Act.
This contributed in no small measure to that law eventually being upheld by the Supreme Court when it was challenged on the grounds of violation of privacy. During that very case, the government assured the court that it would enact a data protection law. To that end, it appointed Justice B.N.
Srikrishna to prepare a report on what such a law should look like. I, along with many others in the tech policy community, participated in the wide-ranging discussions that ensued, sharing views on what an Indian data protection regime ought to contain. Throughout this period, there was a healthy diversity of views across a range of participants,
. Read more on livemint.com
