India's Personal Data Protection (PDP) Bill

India's Personal Data Protection (PDP) Bill

Understanding Concerns of Stakeholders

Bhavani Seetharaman

Bhavani Seetharaman

@Bhavani_21

Power of the Data Protection Authority (DPA) over Personal Data Governance

Submitted Sep 12, 2021

- **Lack of stakeholder interaction (Clauses 26,34,53,93, 94)** 
Although Clause 50 mentions that trade associations, among other actors, will be included to conduct stakeholder interactions to develop the code of practices, it is unclear how small organizations, who are not members of these trade associations, can participate in giving inputs about PDP compliance practices.

- **Final authority and layers of governance (Clauses 23, 34, 35,  86, 93, 94)** 
Specifically,
  1. Clauses 93 and 94 allow the DPA to hire members of the Appellate Tribunal to finalize PDP regulations.
  2. Clause 34 allows the DPA to have final say in what data can leave the country. Even this is overridden by the Central Government in Clause 35 and by government departments in Subclause 86(3).
  3. PDP creates the role of the consent manager. Under Clause 23, consent manager is defined as a part of the Data Fiduciary but represents the Data Principal in case of complaints.

All of the above roles confuse the boundaries of authority during implementation and add layers of governance that will add more complexity.

The above clauses highlight the need for more consultations with organizations of different sizes, based on the nature of work, staff and manpower and funding, to create easier categorizations for governance practices, and better compliance overall.

Comments

{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}

Hosted by

Deep dives into privacy and security, and understanding needs of the Indian tech ecosystem through guides, research, collaboration, events and conferences. Sponsors: Privacy Mode’s programmes are sponsored by: more

Supported by

Omidyar Network India invests in bold entrepreneurs who help create a meaningful life for every Indian, especially the hundreds of millions of Indians in low-income and lower-middle-income populations, ranging from the poorest among us to the existing middle class. To drive empowerment and social i… more
We’re the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. As a hyperscale cloud service provider, AWS provides access to highly advanced computing tools on rent for startups and SMEs at affordable prices. We help t… more