India’s draft Data Protection Bill: Here's what to look out for

India’s long-awaited Digital Personal Data Protection Bill will likely be tabled in the upcoming monsoon session of Parliament, the government recently informed a Constitution Bench of the Supreme Court that was hearing petitions challenging WhatsApp’s policy to share users’ data with other platforms owned by Meta (earlier Facebook). The proposed legislation aims to establish a framework for data protection in the country by regulating the collection, storage, processing and transfer of personal data by organisations and government agencies alike.

The Bill is expected to have a far-reaching impact on businesses operating in India, particularly those that handle sensitive personal information, as it will require every entity collecting, storing, transferring or processing data to adopt the measures and safeguards established by the law.

The draft Bill highlights the consent of the user, which is ‘deemed’ and can be withdrawn at any point. It also requires data fiduciaries (persons who determine the purpose and means of processing personal data) to maintain the accuracy and security of data, and delete it once its purpose has been met. “With the introduction of consent of users, the Bill empowers them to have a say about how his or her data is being used,” explains Shreya Suri, Partner at IndusLaw, adding that the law will make all stakeholders accountable for their data practices.

@r_dhanrajani