As the PDP Bill was withdrawn from the parliament during the monsoon session of 2022 to introduce the new comprehensive data protection bill, through this paper, we highlight the concerns with the envisioned Data Protection Authority within the previous versions of the Bill to, in turn, inform the new bill.
The PDP Bill provided a contour for setting up a DPA that will protect the interest of the data principal, formulate rules, functions, penalties and boundaries for data fiduciary and processor, supervise compliance with the bill, and perform an adjudicatory role in matters of informational privacy. This future regulator must be made through greater regulatory synergy, capacity, financial independence, coordination between the regulators and state governments, and responsive policymaking.
But the envisioned DPA, as it stands now, has various issues in terms of structural and functional aspects, which need urgent attention as we move forward. To bring a robust DPA for India, in this policy paper, we suggest means and strategies advised by international best practices and other legacy regulators in India that would aid in the process of building DPA, keeping regulatory synergy, capacity, accountability, independence etc., as core values.
The report is authored by Kamesh Shekar, Privacy and Data Governance at The Dialogue; Karthik Venkatesh and Shefali Mehta, Alumni of The Dialogue
Read the full report here.