Indian lawmakers have approved data protection legislation aimed at better regulating large tech companies and imposing penalties for data breaches. Despite its intentions, the new law has raised concerns among various groups about potential violations of citizens’ privacy rights. The legislation includes provisions to limit cross-border data transfers and establish a data protection authority to ensure tech companies’ compliance.
However, critics, including opposition lawmakers and digital experts, argue that the law could grant the government access to user and personal data without consent, potentially compromising digital freedoms in a country where such freedoms have been diminishing since 2014.
Furthermore, fears persist that the data protection legislation might weaken the Right to Information law, a significant legal cornerstone passed in 2005 that enables citizens to access public officers’ data, including state employees’ salaries.
Additionally, digital rights group Access Now has voiced concerns that the new legislation could jeopardize privacy, empower the government with excessive control over personal data, and lead to increased censorship. While the upper house of Parliament has passed the Digital Personal Data Protection bill, it awaits formal approval by the country’s ceremonial president, following its passage by the lower house.
At the same time, this marks the Indian government’s third attempt to pass such data protection legislation, occurring nearly six years after the nation’s top court ruled that privacy is a fundamental right of every citizen. Advocates of the legislation argue that a robust data protection law is crucial for a nation like India, where financial fraud and data leaks have become widespread.
However, critics have voiced concerns over potential government overreach, particularly following the introduction of sweeping regulatory laws in 2021 that subjected social media companies and digital platforms to direct government oversight, sparking debates about online censorship and user rights.