Strengthening India's Data Protection Law for a Secure Digital Future

Strengthening India's Data Protection Law for a Secure Digital Future
Posted on 22-07-2023

Strengthening India's Data Protection Law for a Secure Digital Future


The Indian government is gearing up to present the Digital Personal Data Protection Bill, 2022 (DPDP) in the current session of Parliament. While this third attempt at drafting a data protection law holds promise, there are critical gaps that may hinder its implementation and overall success.

Key Features of the 2022 Bill:

The DPDP Bill aims to strike a balance between safeguarding individuals' right to protect their personal data and the legitimate need to process such data for lawful purposes. It applies to digital personal data collected both online and offline if digitized. Additionally, it extends its jurisdiction to processing personal data outside India when offering goods or services or profiling individuals in India.

Consent is a central tenet of the bill, requiring data processing only for lawful purposes with prior notice and the option for individuals to withdraw consent at any time. The bill grants individuals certain rights, including information access, correction, erasure, and grievance redressal, while also imposing duties to ensure the responsible use of personal data.

Challenges and Proposed Solutions:

  1. Exclusion of Non-Personal Data from Protection: The DPDP Bill solely focuses on safeguarding personal data, overlooking the potential risks posed by non-personal data when combined with other datasets to identify individuals. To address this, the legislation should introduce provisions penalizing data-processing entities for re-identifying non-personal data into personal data.

  2. Limited Reach of Data Protection Board: The Data Protection Board, responsible for enforcing the law, has a limited scope for initiating inquiries on its own. Similar to the Competition Commission of India (CCI), empowering the Data Protection Board to initiate complaints independently will enhance its effectiveness.

  3. Learning from the EU's Legislation: The EU's General Data Protection Regulation (GDPR) serves as a valuable reference, offering comprehensive data privacy provisions. However, India must learn from the GDPR's challenges to avoid creating a toothless law. A future-proof approach that anticipates emerging technological advancements and global best practices is crucial.


Securing the digital rights and privacy of individuals in India is of utmost importance as technology continues to play a significant role in various aspects of life. While the DPDP Bill 2022 covers essential aspects, there is a need for refinement to ensure comprehensive protection of both personal and non-personal data. By incorporating penal provisions, empowering the Data Protection Board, and drawing insights from international laws, India can create a robust and effective data protection legislation, paving the way for a secure digital future for its citizens.

Thank You