ForumIAS announcing GS Foundation Program for UPSC CSE 2025-26 from 27th May. Click Here for more information.
Source: The post is based on the article “So Much Data But Not Much Protection” published in “Times of India” on 16th August 2023.
Syllabus: GS2- Government policies and interventions for development in various sectors and issues arising out of their design and implementation.
News: In this article, the author criticizes India’s new Digital Personal Data Protection Law. He believes that this law will weaken user data protection, favor data collection without proper consent, and provide the government with too much power and control, potentially compromising citizens’ privacy.
What are the limitations of India’s new Digital Personal Data Protection law?
Limitations of India’s new Digital Personal Data Protection law:
Weak Notice Provision:
Clause 5: Data collecting companies (data fiduciaries) don’t need to inform users (data principals) about sharing their data with third parties.
They aren’t required to specify how long the data will be stored. No information on data transfers to other countries.
Consent Issues:
While the ‘deemed consent’ was replaced, the new law still has issues.
Clause 7: Lists ‘legitimate uses’ of data, but they are vaguely defined.
Clause 4: Many uses don’t require user consent, including state functions and medical reasons, potentially undermining privacy.
Government Immunity:
The law allows the government vast powers to gather and process citizens’ data.
Clause 17: Expands exemptions for the government. Data shared with certain government bodies remains exempt from the law, even if shared with non-exempt bodies.
Compromised Independence:
The Data Protection Board lacks independence as its members are appointed by the government.
Undefined Data Fiduciary Category:
Some entities, based on “volume and nature of personal data processed”, might get exemptions.
These “super significant data fiduciaries” won’t have to notify users about data collection, storage, or sharing.
The criteria for these exemptions are unclear, giving the government full discretion.
Overall Theme:
The law leans towards data collection and commercialization, rather than robustly protecting citizens’ rights and data privacy.
