Internet Freedom Foundation Statement on the Digital Personal Data Protection Bill, 2023

Read our statement on the Digital Personal Data Protection Bill, 2023.

03 August, 2023
2 min read

The Internet Freedom Foundation is extremely disappointed by the version of the Digital Personal Data Protection Bill, 2023 (DPDPB, 2023) that has been introduced in the Lok Sabha today. The Ministry of Electronics & Information Technology (MeitY) had released the Digital Personal Data Protection Bill, 2022 (DPDPB, 2022) on November 18, 2022 for public consultation after the Data Protection Bill, 2021 was withdrawn by the Minister for Electronics & Information Technology, Ashwini Vaishnaw on August 3, 2022. The DPDPB, 2023, like its 2022 predecessor fails to account for concerns raised by civil society through years of consultations across different iterations of the bill in 2018, 2019 and 2021.

The Supreme Court of India in Justice KS Puttaswamy vs Union of India, while stating that informational privacy is an important facet of the right to privacy under the fundamental right to life, emphasised that the Union Government should examine and put into place a robust regime for data protection. We believe that the DPDPB, 2023 falls woefully short of such ideals. It fails to address many data protection concerns and instead puts in place a regime to facilitate the data processing activities of state and private actors.

Some of our main concerns with the DPDPB, 2023 include, but are not limited to:

  1. The further widening of exemptions granted to government instrumentalities that may facilitate increased state surveillance;
  2. The absence of clear provisions on various important issues which have been left to future executive rule-making;
  3. The amendment of the Right to Information Act, 2005 which will significantly weaken the historically progressive law;
  4. The level of executive control over the Data Protection Board; &
  5. The imposition of duties and penalties on Data Principals.

When the DPDPB, 2022 was released for public consultation, we had stated that this version of the bill should be withdrawn due to its failure to satisfactorily protect the privacy of Indian citizens. The DPDPB, 2023 reiterates the shortcomings of the DPDPB, 2022 and fails to inculcate several of the meaningful recommendations that had been made during the consultation process, which were subsequently made public by the relevant stakeholders. We strongly urge the Union Government to address the numerous recurring problems with successive iterations that have been raised by civil society stakeholders. In its present form, the DPDPB, 2023 does not sufficiently safeguard the Right to Privacy and must not be enacted. There must be meaningful discussion and debate on the draft bill in the Parliament, including a referral to an appropriate committee, which may further seek public inputs in the course of its deliberations to re-architect the bill such that it protects citizens’ privacy from private entities as well as the state instrumentalities.

Prateek Waghre
Policy Director

Tanmay Singh
Senior Litigation Counsel

For press queries, please contact Prateek Waghre at [email protected].

Subscribe to our newsletter, and don't miss out on our latest updates.

Similar Posts

Summary: A Global Witness and IFF report documenting YouTube and Koo’s ineffective response to flagged hate speech

With endorsement from civil society organisations and individuals, we wrote to electoral candidates, political parties, and parliamentarians, urging them to publicly declare that they will not use deepfake technologies to create deceptive or misleading synthetic content for the 2024 Elections.

3 min read

No place for tech: How digital interventions in NREGA are undermining rural social security

Mandatory digital ‘solutions’ introduced in the NREGA scheme by union and state governments, like Aadhaar-based payments, mobile monitoring apps, facial authentication and surveillance tools, are impinging on workers’ statutory rights and poking holes in the rural social security net.

8 min read

Into IT Standing Committee’s review of action taken by MeitY following its recommendations on citizen data security and privacy

This post breaks down the 55th report of the Standing Committee on Communications and IT, in which the Committee assesses the extent to which its recommendations on citizen data security and privacy were accepted and acted upon by the Ministry of Electronics and IT.

11 min read

Donate to IFF

Help IFF scale up by making a donation for digital rights. Really, when it comes to free speech online, digital privacy, net neutrality and innovation — we got your back!