Jana-gana-mana-adhinayaka, jaya he; Bharata-bhagya-vidhata. …
Jaya he, jaya he, jaya he, Jaya jaya jaya, jaya he!
(Thou art the ruler of the minds of all people; Dispenser of India's destiny. ...
Victory, victory, victory to thee.)
These are the opening and closing lines of the Indian national anthem. Powerful, deep and beautiful words penned by Nobel Laureate Rabindranath Tagore in 1911, the anthem inspires and invigorates every Indian. As I pen these notes a day after we in India celebrated 75 years of our independence, the anthem is still reverberating in my head.
To add to the uplifting of spirits on this day was what Prime Minister Narendra Modi said in his Independence Day speech: “India's techade is here. With 5G, semiconductor manufacturing, and optical fibres in villages, we are bringing a revolution through Digital India to the grassroots level.”
This uplifting of the mood was much needed, by the way, given that exactly two weeks ago we saw the much-awaited Indian Data Protection Bill withdrawn from Parliament, two years and eight months after it was first introduced. I could almost hear the loud collective groan emanate from various stakeholders. As a friend quipped in half-jest, "Even the Indian Constitution got done in one year!"
Pausing and reflecting after the initial "oh no!" reaction, I thought it was a blessing in disguise. Given how the bill had morphed into a "Personal Data Protection+++" bill with various aspects having little to do with personal data protection or privacy, maybe looking at it afresh may perhaps keep it focused on just privacy? Much as the other aspects are needed to be addressed via legislation for sure, whether the Data Protection Bill was the appropriate home for it was highly debated in the country. I am hopeful the new bill remains focused and clear.
I am especially encouraged by what the Union IT Minister, Ashwini Vaishnaw, talked of when the bill was withdrawn — that the government is looking at “a very comprehensive set of legislations which address the fundamental constructs within the digital landscape.” And this is urgently needed for sure. If we are in the midst of a "techade," the lack of appropriate guardrails to navigate this techade can be disastrous, to say the least. A quick scan of just the data leakage incidents in last few weeks the IAPP’s Daily Dashboard has covered is ample evidence of the urgent need.
However, being a glass-half-full kind of person, I look at some of the positive developments around me and remain encouraged about the months ahead. These include:
- The government announced their intention to introduce the Digital India Act as a replacement to the two decades old Indian IT Act.
- The Reserve Bank of India (India’s Central Bank) released a new regulatory framework to govern digital lending including lending through online platforms and mobile applications. Among various aspects, the framework addresses "unbridled engagement of third parties, mis-selling, breach of data privacy, unfair business conduct, charging of exorbitant interest rates, and unethical recovery practices" per the RBI’s press release.
- The National Informatics Centre that is responsible for the Aarogya Setu App (India’s app built for COVID management) said that the Data Access and Knowledge Sharing Protocol instituted by the government has been discontinued as the app morphs from a contact tracing one to an overall health management app.
Meanwhile, neighboring Bangladesh announced that their Personal Data Protection Legislation is in the making. Sri Lanka already has one. As this part of Asia catches up with its Asian neighbors, for privacy professionals like me, these are exciting times indeed.