India Is Putting In Place New Guardrails For Commercial Use Of Personal Data

NEW DELHI: India’s Data Democracy experiment is poised to acquire a key building block: implementing strict rules to access and use personal data. Last week India moved a step closer with the union government circulating the draft Digital Personal Data Protection Act, 2022 for comments. This replaces the version that was withdrawn earlier this year, just before it was to be put up for a formal clearance by Parliament. The big takeaway from the draft in circulation is that it is pithy. Especially when compared to the draft that was withdrawn. To put it simply the draft law doesn’t try to do too much. Yes, critics are baulking, but let us not forget that regulating technology requires a soft touch—especially given that it changes both exponentially and disruptively. Any overreach will stifle innovation and trigger chaos. In the Indian context the stakes are very high. By deploying Digital Public Goods (DPGs) like Aadhaar, Unified Payments Interface, Co Win and so on, India has leveraged personal data for doing public good. One concern that dogged this impressive project has been the ability and willingness of institutions to secure personal data. How will the new data law secure India’s ‘Data Democracy’ project? To understand this and more we spoke to Rahul Matthan, partner at TriLegal and one of the most active voices on data privacy.