Gaps in India's Digital Infrastructure: Addressing Data Breaches and Strengthening Governance

Gaps in India's Digital Infrastructure: Addressing Data Breaches and Strengthening Governance
Posted on 15-06-2023

Gaps in India's Digital Infrastructure: Addressing Data Breaches and Strengthening Governance


Recent incidents, such as the data breach on the CoWin platform and allegations of censorship by the Indian government, have highlighted the discrepancy between the vision of Digital India and the reality. The government's response to these events, including denials and deflections, has raised concerns about data security and governance. This article explores the issues surrounding data breaches, the government's response, and proposes strategies to address these gaps.


Data Breach Incidents and Government Responses:

The CoWin data breach exposed sensitive personal information, leading to public outcry. Initially, the government denied the breach, terming the reports as mischievous. The Ministry of Electronics and IT (MEITY) later attributed the leak to previously stolen data. The lack of a transparent and consistent response from the government raised doubts about data privacy measures.


Allegations of Censorship by the Indian Government:

The former CEO of Twitter claimed that the Indian government coerced the platform into censorship regarding the farmers' protest. MEITY responded by accusing Twitter of violating Indian laws and weaponizing misinformation. This exchange highlighted the need for clear guidelines and transparency in dealing with social media platforms.


Past Incidents of Data Breach:

Instances such as the EPFO breach, AIIMS ransomware attack, and breaches on the RailYatri portal underscore the recurring nature of data breaches in India. The absence of timely investigations and public disclosure by the Computer Emergency Response Team (CERT-In) further exacerbates the problem.


Issues with the Government's Response:

The government's tendency to deny incidents and downplay their severity has become a predictable pattern. CERT-In's silence on technical findings and the absence of a National Cyber Security Strategy contribute to the lack of an effective response. Additionally, the absence of a comprehensive data protection law and the exemption of government entities from compliance further undermine data security.


Challenges with Digital Public Infrastructure (DPI):

Although initiatives like UPI have expanded economic opportunities, the lack of legislative mandates, weak governance processes, technical inefficiencies, and excessive data collection by platforms like Aadhaar and AarogyaSetu pose significant challenges. These shortcomings increase the risk of data breaches and hinder efficient service delivery.


Government's Strategy to Address the Issues:

To overcome these challenges, the government should prioritize providing statutory status to digital platforms, ensuring data protection and accountability. Legislative frameworks and constitutional frameworks should guide the development of digital systems. Balancing innovation with regulatory and institutional frameworks can help mitigate individual harms while fostering innovation.



India's digital revolution holds immense potential, but it must be built on a solid foundation of data security, transparency, and accountability. Strengthening governance processes, enacting comprehensive data protection laws, and providing statutory status to digital platforms are crucial steps in bridging the gaps and safeguarding the digital infrastructure. By addressing these issues, India can realize its vision of becoming a global model for digital transformation while ensuring the protection of citizens' data and privacy.

Thank You