New legislation provides for penalty of up to $30m for data breaches, but raises concerns about government surveillance
Indian lawmakers have passed a data protection law that will monitor how tech companies process users’ data amid criticism that the legislation gives the government sweeping powers to increase surveillance. The law, which was in the making for six years, provides for penalties of up to 2.5 billion rupees ($30 million) .
Critics claim Prime Minister Narendra Modi’s government is seeking to weaken the Right to Information (RTI) Act, which was introduced in 2005 to promote the transparency and accountability of public authorities. The RTI Act was passed when a coalition government led by Congress, now India’s main opposition party, was in power.
What does the new law say?
The Digital Personal Data Protection Bill 2023, which was passed by parliament last week and received the president’s assent on August 12, will allow tech companies to transfer the personal data of some users to other countries. India is the largest market for Google, Meta and other industry giants in terms of user numbers. An earlier version of the legislation had prohibited the transfer of personal data to certain locations specified by the government. However, this draft was withdrawn last year.
The new law safeguards an individual’s digital personal data and also gives users the right to correct or erase their personal data. It also allows the government to waive compliance requirements for certain data controllers such as start-ups. Now, the government can seek information from private firms and also issue orders to block content on the advice of a state-appointed data protection board. The advisory body has been mandated to suggest blocking public access to specific computer resources or platforms.
The government has argued that the law will enhance the “ease of living” and “ease of doing business” in a boost to the country’s “digital economy and its innovation ecosystem.” Several studies show that India’s digital economy is likely to expand by 600% to $1 trillion by 2030 from the current figure of around $175 billion.
Read more
Indian Deputy Minister for Information Technology Rajeev Chandrasekhar has dismissed “misconceptions” regarding the new law amid a growing emphasis on data privacy in the world’s most populous nation. He said the law would protect the rights of all citizens, allowing the innovation economy to expand, and permitting the government legitimate access in the interests of national security and emergencies such as pandemics and earthquakes.