Season’s Greetings from India!

We are in the midst of what I call the "festivals season" in India. Depending on which part of the country one is in, a variety of festivals are celebrated that signify new beginnings, the triumph of good over evil, bringing forth the various strengths that each of us has within us and so on. The culmination of this is Diwali — the festival of lights.

This season generally generated a lot of optimism, too — a large part of which, I am sure, is owing to the boost in economic activity that is generated. I see this optimism has also permeated the realm of data protection and privacy and extended to the broader canvas of governance around data and technology, given the various discussions, announcements, communication and action that we are seeing from the concerned ministers and powers that be both at the central (federal) and state levels. All in all, there is a sense that things are moving slowly but surely.

India’s Personal Data Protection Bill

In a recent interview, the Minister of State for Electronics and IT — Rajeev Chandrasekhar, gave an indication of what is to come. One indication is that the much-criticized data localization measures that restricted cross-border data flows are expected to be relaxed. However, this will be subject to the "data of citizens being safe even if it is stored in a cloud architecture" and Indian law enforcement and government organizations having access to Indian citizens’ data when it is stored outside the country.

At the same time, he stated the government is "not going to rush through in a hurry" and have "artificial timelines" imposed on it, while the long-awaited India Personal Data Protection Bill will be done soon.

The first draft of the bill is expected to be put out for public consultations as early as late October or early November.

Meanwhile, the lack of law continues to stall other activities. Two that made headlines recently:

  • A U.K.-India Free Trade Agreement was in its final stages. It was targeted to conclude by Diwali (10 days away) but stalled on two counts — one of which is foreign companies not being allowed to take data out of India owing to data localization rules. Such is the impact of lack of clarity on this front.
  • The Reserve Bank of India (India’s central bank) announced it would shortly pilot a "digital rupee" for specific use cases. While making this announcement via a concept paper, it simultaneously expressed its concern over privacy and data protection and said the same must be carefully considered.

Beyond personal data protection

Revised IT rules

Under the existing law governing IT in India, the Indian Information Technology Act, a number of rules exist addressing various facets of IT. Passed more than a decade ago, many are being revamped to deal with the current reality. One particular aspect expected in the revamp are actions impacting social media platforms. Long discussed and debated in the media, the upcoming revised rules will likely include the setting up Grievance Appellate Committees to address user concerns around social media platforms.

Recall that the withdrawn PDP Bill also had a section specific to social media platforms. Social media will continue to be a point of focus and debate, addressed across multiple laws and regulations.

Proposed Indian Telecom bill — to replace the colonial era Telegraph Act

A proposed replacement to India’s communications law, the Indian Telecommunications Bill, was also recently announced. The draft talks of giving the government significant surveillance powers via proposals like requiring Big Tech platforms to identify specific customers and allowing Indian authorities to bypass encrypted messages. So we are back to circling around issues of privacy here.

All in all, as digital India gallops ahead, let us hope the momentum around the requisite protections and governance around it also picks up the pace — so that the rights and freedoms of Indians remain safeguarded.