Digital Personal Data Protection: Why government should bring it to Parliament in the monsoon session

GoI has denied the reported breach of the CoWIN database containing personal information of vaccinated persons. This is not the first such scare. Perception that information people routinely provide – bank account, credit card, Aadhaar, passport, insurance numbers, etc – is not safe is damaging. Sustaining the pace of digitisation requires giving people the confidence that their data is safe. Misplaced or not, this perception of safety must be addressed with a robust regulatory data protection framework. GoI must bring the proposed Digital Personal Data Protection (DPDP) Bill 2022 to Parliament in the monsoon session, and ensure its speedy passage and implementation.

Though the need for a strong data protection framework to secure privacy was raised 11 years ago by the AP Shah Committee, serious efforts were initiated six years ago after the Puttaswamy judgment and the Justice Srikrishna Committee report. The DPDP Bill, a second attempt at a legal framework for data protection, sets out rights and duties of citizens and obligations of organisations for using data. Released for public consultation in November 2022, it builds on stakeholders’ views and recommendations of the joint parliamentary committee on the earlier iteration.

India is digitalising at a rapid pace, outstripping other major economies. The growth in digital payments, 48.6 billion real-time digital payments in 2021, reflects this. Restoring confidence in the safety of people’s data will help accelerate the growth of the digital economy. A framework that provides assurance to digital users is critical, and assistance on this front can be sought with technological partners like the US. Getting spooked by real or perceived threats is not an option for Digital India.