Wednesday, Aug 12, 2020 | Last Update : 06:31 PM IST

140th Day Of Lockdown

Maharashtra53560136843518306 Tamil Nadu3086492506805159 Andhra Pradesh2445491547492203 Karnataka1886111055993398 Delhi1461341316574131 Uttar Pradesh126722767212120 West Bengal98459671202059 Bihar8274154139450 Telangana8075157586637 Gujarat71064542382652 Assam5883842326145 Rajasthan5249738235789 Odisha4592731785321 Haryana4163534781483 Madhya Pradesh3902529020996 Kerala3433121832109 Jammu and Kashmir2489717003472 Punjab2390315319586 Jharkhand185168998177 Chhatisgarh12148880996 Uttarakhand96326134125 Goa871259575 Tripura6161417641 Puducherry5382320187 Manipur3752204411 Himachal Pradesh3371218114 Nagaland30119738 Arunachal Pradesh223115923 Chandigarh1595100425 Meghalaya11154986 Sikkim9105101 Mizoram6203230
  Opinion   Oped  30 Aug 2019  Wider debate needed on major changes in data protection law

Wider debate needed on major changes in data protection law

The writer is a policy analyst at the technology and policy programme of The Takshashila Institution. The views expressed here are personal.
Published : Aug 30, 2019, 4:26 am IST
Updated : Aug 30, 2019, 4:26 am IST

The Data Protection Bill is going to be profoundly important in India’s tech policy landscape, going forward.

MEITY and its bureaucracy could argue that 600 submissions are a lot to process, and not all the comments are relevant to the process.
 MEITY and its bureaucracy could argue that 600 submissions are a lot to process, and not all the comments are relevant to the process.

With the developments in Kashmir and the economy dominating so much of the national discussion, it can be hard to keep track of what is happening about tech policy. One thing that might slip through the cracks are the changes in the Data Protection Bill. According to a recent report by Medianama, the ministry of electronics and information technology, or MEITY, is privately seeking responses to new questions from select stakeholders.  

The Data Protection Bill is going to be profoundly important in India’s tech policy landscape, going forward. It will tackle issues around data privacy, data protection and data processing, all of which have never been discussed at length in Indian law. Based on inputs received from the Srikrishna Committee report, it will also focus on data localisation. So when MEITY initially asked for feedback on the draft data protection bill, it received over 600 comments from individuals and organisations. For this round of comments, the ministry has reached out to only 10-15 stakeholders.  


This raises a host of questions and concerns about the process. First, as Medianama puts it, why the secrecy? With over 600 comments being submitted, the bill is clearly an issue with a significant amount of public interest. MEITY and its bureaucracy could argue that 600 submissions are a lot to process, and not all the comments are relevant to the process. But for a piece of legislation this important, it is surely better to have too many inputs instead of picking and choosing which voices you would like to elevate. There is also not a lot of transparency in the process. How does one figure out the basis on which these 10-15 stakeholders were selected? This is not to imply that the participants asked for feedback are not a decent sample of stakeholders. But this could have been done better had a rationale/basis behind the selection been provided.


Not knowing why some people have been selected and the others ruled out matters more when the bill has sweeping changes. The new version of the bill is reportedly going to address issues in e-commerce and community data. Both these topics were not a part of the Srikrishna Committee or the October consultation process. It is unclear what the bill’s stance might be on both these matters. To make an educated guess on e-commerce, the bill might condense and borrow aspects from the draft e-commerce policy from earlier this year. It is anyone’s guess what those aspects might be, but it does narrow down the list. As for community data, there does not exist such a precedent. It is frankly shocking that the consultation has been labelled as “clarifications” in the bill. If entire new industries are being addressed under the document, then surely it should be classified as additions/revisions, and thus call for comments from all stakeholders. It might not have been acceptable to have a selection of stakeholders for a round of clarifications on data protection. And that is even more so when it comes to picking and choosing stakeholders regarding legislation that has such substantial changes.


This lack of transparency also makes one question the importance given to the comments submitted earlier. There is clearly value in having documents that present the perspectives of stakeholders across the industry, academia and civil society. But given the recent turn of events, who can say whether these perspectives have been reflected in the new version that is being circulated for feedback. The idea here is not to give credit to organisations/individuals who may have caused tangible changes in policy. Instead, it is to ensure that the process that goes into finalising the document is truly multilateral.

The final version of the policy will still have winners and losers. No legislation is objectively perfect. This is especially true in technology, where most laws find it hard to keep up with rapid advances in the industry. If the industry wins through lax laws on data privacy, civil society arguing for stronger privacy laws will de facto lose. What the consultations should then aim for is to reflect that different views on subjects were considered before making trade-offs in favour of one over the other.


What makes this situation even more bizarre is that up until this point, the process has been fairly transparent. The Srikrishna Committee’s recommendations were comprehensive and publicly available. As was the first round of comments in October 2018, even though the comments submitted were not made available to the public. Why then has the second round of inputs been restricted to just a few people without any explanation? Not allowing public comments while adding e-commerce and community data to the mandate is going to have negative implications when the bill finally comes out. A large share of stakeholders in academia, industry and civil society are going to have fundamental disagreements on the way this was carried out, as well as its contents.


Indian policy towards all things technology is slowly catching up with advancements. As new legislation comes out regarding other emerging technologies such as artificial intelligence, fintech, and the Internet of Things, it would make sense to involve multiple perspectives while designing it. Failure to do so is likely to have an adverse impact on the adoption of these technologies and, by extension, India’s development.

Tags: data protection bill, meity