As we in India brace for the brutal summer ahead while trying to keep our cheer via the ongoing cricket Indian Premier League and mangos, I am excitedly looking forward to being at the IAPP Global Privacy Summit 2025 next week.
Here at home in India, the digital governance landscape keeps evolving. Even as we eagerly await the finalized Digital Personal Data Protection Act Rules, fresh criticisms continue coming in.
One of the long-standing issues with the DPDPA has been its impact on the Right to Information Act. The latest action came from the INDIA Bloc — a large multiparty political alliance led by the Indian National Congress, India's main opposition party. Over 120 members of Parliament from this bloc came together 26 March to urge repeal of the DPDPA's Section 44(3). They contend this section, which amends Section 8(1)(j) of the RTI Act, allows authorities to withhold any "personal information" without applying the earlier public interest test, even if that information is required for public accountability. Thereby, they believe it would remove the balance between privacy and transparency.
Minister of Electronics and Information Technology Ashwini Vaishnaw countered this. In his 10 April response, he contends Section 3 of the DPDPA exempts publicly available information as well as any other information that is required to be disclosed by law, arguing this protects the right to information.
On a related note, the government has indicated its plans to amend the Aadhaar Act. Officially named the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, it establishes the legal framework for the Aadhaar unique identification number system in India. Via the act, the Unique Identification Authority of India has been set up to manage the issuance and maintenance of Aadhaar numbers. The act was enacted to streamline the delivery of government services and benefits by using Aadhaar for identity verification. To give a sense of the large-scale impact of Aadhaar, over 1.38 billion Aadhaar numbers have been issued — covering almost everyone in India.
The decision to amend it is to harmonize the act with the DPDPA. UIDAI CEO Bhuvnesh Kumar said, "Just an amendment won't be sufficient — we need a new law to bring Aadhaar up to speed with the Digital Personal Data Protection Act (DPDP Act), 2023."
Aadhaar has had several controversies and criticisms over the years. In the context of data privacy, there are conflicts between the operations of Aadhaar and the requirements of the DPDPA. For example, while consent is required to be free, specific, informed and unambiguous under the DPDPA, in reality, several agencies force the use of Aadhaar, violating the principles of consent. There are also several use cases where Aadhaar data is used and reused for purposes the user is not aware of, while the Aadhaar Act restricts the use of the collected data to authentication primarily and any other purposes notified by the government.
Meanwhile, on the artificial intelligence front, the government is considering local storage of AI models. The stated objective is to reduce any risks associated with the models and prevent flow of data outside the country.
Speaking on the sidelines of an event, Secretary of the Ministry of Electronics and Information Technology S Krishnan said, "The true problem lies when data gets shared on a portal or on a mobile app because then the data may go out of the country and may sort of feed the way that a particular model is trained and a lot of the data may go out. On the private side, if the model itself is hosted in India, then the risks of data going out are far more mitigated considerably. All of these factors will be considered before any final decision is taken."
As with other countries, data localization and cross-border data flows are a matter of great concern.
In another interesting development, the Indian Influencer Governance Council, a self-regulatory body that represents digital influencers released a code of standards earlier this month. It covers a variety of topics — from transparency in brand sponsorships to AI influencers to data privacy.
The Competition Commission of India continues to be active. CCI Chief Ravneet Kaur said at a recent event, "AI can enable new forms of collusion such as 'cartels without human communication, price coordination without explicit agreements, and algorithmic discrimination under the garb of dynamic pricing." The commission is in the process of conducting a study of AI and competition — so we can expect some developments ahead.
All in all, despite the heat, we continue to stride ahead on the digital front.
Shivangi Nadkarni is senior vice president and general manager, digital governance at Persistent Systems.
This article originally appeared in the Asia-Pacific Dashboard Digest, a free weekly IAPP newsletter. Subscriptions to this and other IAPP newsletters can be found here.
