The Data Protection Bill, 2021: A Critical Analysis

Abstract

India's data protection and privacy policies have come under increased scrutiny in recent years as a result of its size and economic importance. The Government of India has enacted numerous legislations which deal with data protection in subjects like credit information, information technology and public sector data access. The scope of privacy protection via judicial system has likewise widened. Despite this, there is no extensive legal framework for protection of data in India and most of the law fails to safeguard individuals' rights to the extent that it claims (or pretends). In the backdrop of above developments this article provides a summary of the important provisions of the Data Protection Bill, 2021 (DPB) relating to the data principals' rights, data fiduciary obligations, grounds on the basis of which personal data can be processed, breach of data, data reporting requirements and an increased penalty framework.
In this article, the author contends that the DPB fails to adequately address privacy-related issues in India's data economy. Instead, a preventive framework is proposed by DPB that oversupplies state intervention while strengthening the state. This might result in a substantial rise in compliance costs for enterprises across the economy as well as a concerning dilution of privacy in the eyes of the state.